Skip to main content

Concise Reference Integrity Manifest

Document Type Replaced Internet-Draft (candidate for rats WG)
Expired & archived
Authors Henk Birkholz , Thomas Fossati , Yogesh Deshpande , Ned Smith , Wei Pan
Last updated 2022-08-03 (Latest revision 2022-07-11)
Replaced by draft-ietf-rats-corim
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Golang implementation
Mailing list discussion
Stream WG state Call For Adoption By WG Issued
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-rats-corim
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Remote Attestation Procedures (RATS) enable Relying Parties to assess the trustworthiness of a remote Attester and therefore to decide whether to engage in secure interactions with it. Evidence about trustworthiness can be rather complex and it is deemed unrealistic that every Relying Party is capable of the appraisal of Evidence. Therefore that burden is typically offloaded to a Verifier. In order to conduct Evidence appraisal, a Verifier requires not only fresh Evidence from an Attester, but also trusted Endorsements and Reference Values from Endorsers and Reference Value Providers, such as manufacturers, distributors, or device owners. This document specifies Concise Reference Integrity Manifests (CoRIM) that represent Endorsements and Reference Values in CBOR format. Composite devices or systems are represented by a collection of Concise Module Identifiers (CoMID) and Concise Software Identifiers (CoSWID) bundled in a CoRIM document.


Henk Birkholz
Thomas Fossati
Yogesh Deshpande
Ned Smith
Wei Pan

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)