Use of Attestation with Certification Signing Requests
draft-ounsworth-csr-attestation-00
| Document | Type |
Replaced Internet-Draft
(lamps WG)
Expired & archived
|
|
|---|---|---|---|
| Authors | Mike Ounsworth , Hannes Tschofenig | ||
| Last updated | 2023-09-29 (Latest revision 2023-07-08) | ||
| Replaced by | draft-ietf-lamps-csr-attestation | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | Adopted by a WG | |
| Document shepherd | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-lamps-csr-attestation | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Utilizing information from a device or hardware security module about its posture can help to improve security of the overall system. Information about the manufacturer of the hardware, the version of the firmware running on this hardware and potentially about the layers of software above the firmware, the presence of hardware security functionality to protect keys and many more properties can be made available to remote parties in a cryptographically secured way. This functionality is accomplished with attestation technology. This document describes extensions to encode evidence produced by an attester for inclusion in PKCS10 certificate signing requests. More specifically, two new ASN.1 Attribute definitions, and an ASN.1 CLASS definition to convey attestation information to a Registration Authority or to a Certification Authority are described.
Authors
Mike Ounsworth
Hannes Tschofenig
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)