Epoch Markers
draft-birkholz-rats-epoch-markers-04
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Active".
|
|
|---|---|---|---|
| Authors | Henk Birkholz , Thomas Fossati , Wei Pan , Carsten Bormann | ||
| Last updated | 2023-03-13 | ||
| RFC stream | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-birkholz-rats-epoch-markers-04
RATS Working Group H. Birkholz
Internet-Draft Fraunhofer SIT
Intended status: Standards Track T. Fossati
Expires: 15 September 2023 Arm Limited
W. Pan
Huawei Technologies
C. Bormann
Universität Bremen TZI
14 March 2023
Epoch Markers
draft-birkholz-rats-epoch-markers-04
Abstract
This document defines Epoch Markers as a way to establish a notion of
freshness among actors in a distributed system. Epoch Markers are
similar to "time ticks" and are produced and distributed by a
dedicated system, the Epoch Bell. Systems that receive Epoch Markers
do not have to track freshness using their own understanding of time
(e.g., via a local real-time clock). Instead, the reception of a
certain Epoch Marker establishes a new epoch that is shared between
all recipients.
About This Document
This note is to be removed before publishing as an RFC.
Status information for this document may be found at
https://datatracker.ietf.org/doc/draft-birkholz-rats-epoch-markers/.
Discussion of this document takes place on the rats Working Group
mailing list (mailto:rats@ietf.org), which is archived at
https://mailarchive.ietf.org/arch/browse/rats/. Subscribe at
https://www.ietf.org/mailman/listinfo/rats/.
Source for this draft and an issue tracker can be found at
https://github.com/ietf-rats/draft-birkholz-rats-epoch-marker.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Birkholz, et al. Expires 15 September 2023 [Page 1]
Internet-Draft Epoch Markers March 2023
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 15 September 2023.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 4
2. Epoch IDs . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Interaction Models . . . . . . . . . . . . . . . . . . . . . 5
4. Epoch Marker Structure . . . . . . . . . . . . . . . . . . . 5
4.1. Epoch Marker Payloads . . . . . . . . . . . . . . . . . . 6
4.1.1. CBOR Time Tag (etime) . . . . . . . . . . . . . . . . 6
4.1.2. Classical RFC 3161 TST Info . . . . . . . . . . . . . 6
4.1.3. CBOR-encoded RFC3161 TST Info . . . . . . . . . . . . 6
4.1.4. Multi-Nonce . . . . . . . . . . . . . . . . . . . . . 9
4.1.5. Multi-Nonce-List . . . . . . . . . . . . . . . . . . 9
4.1.6. Strictly Monotonically Increasing Counter . . . . . . 10
4.1.7. Stateless Nonce . . . . . . . . . . . . . . . . . . . 10
5. Security Considerations . . . . . . . . . . . . . . . . . . . 11
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
6.1. New CBOR Tags . . . . . . . . . . . . . . . . . . . . . . 11
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
7.1. Normative References . . . . . . . . . . . . . . . . . . 12
7.2. Informative References . . . . . . . . . . . . . . . . . 14
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 15
Birkholz, et al. Expires 15 September 2023 [Page 2]
Internet-Draft Epoch Markers March 2023
A.1. RFC 3161 TSTInfo . . . . . . . . . . . . . . . . . . . . 15
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction
Systems that need to interact securely often require a shared
understanding of the freshness of conveyed information. This is
certainly the case in the domain of remote attestation procedures.
In general, securely establishing a shared notion of freshness of the
exchanged information among entities in a distributed system is not a
simple task.
The entire Appendix A of [I-D.ietf-rats-architecture] deals solely
with the topic of freshness, which is in itself an indication of how
relevant, and complex, it is to establish a trusted and shared
understanding of freshness in a RATS system.
This document defines Epoch Markers as a way to establish a notion of
freshness among actors in a distributed system. Epoch Markers are
similar to "time ticks" and are produced and distributed by a
dedicated system, the Epoch Bell. Systems that receive Epoch Markers
do not have to track freshness using their own understanding of time
(e.g., via a local real-time clock). Instead, the reception of a
certain Epoch Marker establishes a new epoch that is shared between
all recipients. In essence, the emissions and corresponding
receptions of Epoch Markers are like the ticks of a clock where the
ticks are conveyed by the Internet.
In general (barring highly symmetrical topologies), epoch ticking
incurs differential latency due to the non-uniform distribution of
receivers with respect to the Epoch Bell. This introduces skew that
needs to be taken into consideration when Epoch Markers are used.
While all Epoch Markers share the same core property of behaving like
clock ticks in a shared domain, various "epoch id" types are defined
to accommodate different use cases and diverse kinds of Epoch Bells.
Birkholz, et al. Expires 15 September 2023 [Page 3]
Internet-Draft Epoch Markers March 2023
While Epoch Markers are encoded in CBOR [STD94], and many of the
epoch id types are themselves encoded in CBOR, a prominent format in
this space is the Time-Stamp Token defined by [RFC3161], a DER-
encoded TSTInfo value wrapped in a CMS envelope [RFC5652]. Time-
Stamp Tokens (TST) are produced by Time-Stamp Authorities (TSA) and
exchanged via the Time-Stamp Protocol (TSP). At the time of writing,
TSAs are the most common providers of secure time-stamping services.
Therefore, reusing the core TSTInfo structure as an epoch id type for
Epoch Markers is instrumental for enabling smooth migration paths and
promote interoperability. There are, however, several other ways to
represent a signed timestamp, and therefore other kinds of payloads
that can be used to implement Epoch Markers.
To inform the design, this document discusses a number of interaction
models in which Epoch Markers are expected to be exchanged. The top-
level structure of Epoch Markers and an initial set of epoch id types
are specified using CDDL [RFC8610]. To increase trustworthiness in
the Epoch Bell, Epoch Markers also provide the option to include a
"veracity proof" in the form of attestation evidence, attestation
results, or SCITT receipts [I-D.birkholz-scitt-receipts] associated
with the trust status of the Epoch Bell.
1.1. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
In this document, CDDL [RFC8610] is used to describe the data
formats. The examples in Appendix A use CBOR diagnostic notation as
defined in Section 8 of [STD94] and Appendix G of [RFC8610].
2. Epoch IDs
The RATS architecture introduces the concept of Epoch IDs that mark
certain events during remote attestation procedures ranging from
simple handshakes to rather complex interactions including elaborate
freshness proofs. The Epoch Markers defined in this document are a
solution that includes the lessons learned from TSAs, the concept of
Epoch IDs defined in the RATS architecture, and provides several
means to identify a new freshness epoch. Some of these methods are
introduced and discussed in Section 10.3 of the RATS architecture
[I-D.ietf-rats-architecture].
Birkholz, et al. Expires 15 September 2023 [Page 4]
Internet-Draft Epoch Markers March 2023
3. Interaction Models
The interaction models illustrated in this section are derived from
the RATS Reference Interaction Models. In general, there are three
interaction models:
* ad-hoc requests (e.g., via challenge-response requests addressed
at Epoch Bells), corresponding to Section 7.1 in
[I-D.ietf-rats-reference-interaction-models]
* unsolicited distribution (e.g., via uni-directional methods, such
as broad- or multicasting from Epoch Bells), corresponding to
Section 7.2 in [I-D.ietf-rats-reference-interaction-models]
* solicited distribution (e.g., via a subscription to Epoch Bells),
corresponding to Section 7.3 in
[I-D.ietf-rats-reference-interaction-models]
4. Epoch Marker Structure
At the top level, an Epoch Marker is a CBOR array with a header
carrying an optional veracity proof about the Epoch Bell and a
payload.
epoch-marker = [
$tagged-epoch-id
? bell-veracity-proof
]
; veracity of the bell
bell-veracity-proof = non-empty<{
? remote-attestation-evidence ; could be EAT or Concise Evidence
? remote-attestation-result ; hopefully EAT with AR4SI Claims
? scitt-receipt ; SCITT receipt
}>
remote-attestation-evidence = (1: "PLEASE DEFINE")
remote-attestation-result = (2: "PLEASE DEFINE")
scitt-receipt = (3: "PLEASE DEFINE")
; epoch-id types independent of interaction model
$tagged-epoch-id /= cbor-epoch-id
$tagged-epoch-id /= #6.26980(classical-rfc3161-TST-info)
$tagged-epoch-id /= #6.26981(TST-info-based-on-CBOR-time-tag)
$tagged-epoch-id /= #6.26982(multi-nonce)
$tagged-epoch-id /= #6.26983(multi-nonce-list)
$tagged-epoch-id /= #6.26984(strictly-monotonic-counter)
$tagged-epoch-id /= #6.26985(stateless-nonce)
Birkholz, et al. Expires 15 September 2023 [Page 5]
Internet-Draft Epoch Markers March 2023
Figure 1: Epoch Marker definition
4.1. Epoch Marker Payloads
This memo comes with a set of predefined payloads.
4.1.1. CBOR Time Tag (etime)
CBOR extended time tag (1001) optionally bundled with a nonce.
See Section 3 of [I-D.ietf-cbor-time-tag] for the (many) details
about the CBOR extended time format.
cbor-epoch-id = [
etime
? nonce
]
etime = #6.1001({* (int/tstr) => any})
nonce = tstr / bstr / int
The following describes each member of the cbor-epoch-id map.
etime: An extended time value as defined by
[I-D.ietf-cbor-time-tag].
nonce: A never-repeating byte string used as extra data in
challenge-response interaction models (see
[I-D.ietf-rats-reference-interaction-models]).
4.1.2. Classical RFC 3161 TST Info
DER-encoded [X.690] TSTInfo [RFC3161]. See Appendix A.1 for the
layout.
classical-rfc3161-TST-info = bytes
The following describes the classical-rfc3161-TST-info type.
classical-rfc3161-TST-info: The response message of a Time Stamp
Authority including a [RFC3161] Time Stamp Token Info structure.
4.1.3. CBOR-encoded RFC3161 TST Info
// Issue tracked at: https://github.com/ietf-rats/draft-birkholz-
rats-epoch-marker/issues/18
Birkholz, et al. Expires 15 September 2023 [Page 6]
Internet-Draft Epoch Markers March 2023
The TST-info-based-on-CBOR-time-tag is semantically equivalent to
classical [RFC3161] TSTInfo, rewritten using the CBOR type system.
TST-info-based-on-CBOR-time-tag = {
&(version : 0) => v1
&(policy : 1) => oid
&(messageImprint : 2) => MessageImprint
&(serialNumber : 3) => integer
&(eTime : 4) => profiled-etime
? &(ordering : 5) => bool .default false
? &(nonce : 6) => integer
? &(tsa : 7) => GeneralName
* $$TSTInfoExtensions
}
v1 = 1
oid = #6.111(bstr) / #6.112(bstr)
MessageImprint = [
hashAlg : int
hashValue : bstr
]
profiled-etime = #6.1001(timeMap)
timeMap = {
1 => ~time
? -8 => profiled-duration
* int => any
}
profiled-duration = {* int => any}
GeneralName = [ GeneralNameType : int, GeneralNameValue : any ]
; See Section 4.2.1.6 of RFC 5280 for type/value
The following describes each member of the TST-info-based-on-CBOR-
time-tag map.
version:
The integer value 1. Cf. version, Section 2.4.2 of [RFC3161].
policy:
A [RFC9090] object identifier tag (111 or 112) representing the
TSA's policy under which the tst-info was produced. Cf. policy,
Section 2.4.2 of [RFC3161].
messageImprint:
Birkholz, et al. Expires 15 September 2023 [Page 7]
Internet-Draft Epoch Markers March 2023
A [RFC9054] COSE_Hash_Find array carrying the hash algorithm
identifier and the hash value of the time-stamped datum. Cf.
messageImprint, Section 2.4.2 of [RFC3161].
serialNumber:
A unique integer value assigned by the TSA to each issued tst-
info. Cf. serialNumber, Section 2.4.2 of [RFC3161].
eTime:
The time at which the tst-info has been created by the TSA. Cf.
genTime, Section 2.4.2 of [RFC3161]. Encoded as extended time
[I-D.ietf-cbor-time-tag], indicated by CBOR tag 1001, profiled as
follows:
* The "base time" is encoded using key 1, indicating Posix time as
int or float.
* The stated "accuracy" is encoded using key -8, which indicates the
maximum allowed deviation from the value indicated by "base time".
The duration map is profiled to disallow string keys. This is an
optional field.
* The map MAY also contain one or more integer keys, which may
encode supplementary information
// Allowing unsigned integer (i.e., critical) keys goes counter
// interoperability.
ordering:
boolean indicating whether tst-info issued by the TSA can be
ordered solely based on the "base time". This is an optional
field, whose default value is "false". Cf. ordering,
Section 2.4.2 of [RFC3161].
nonce:
int value echoing the nonce supplied by the requestor. Cf. nonce,
Section 2.4.2 of [RFC3161].
tsa:
a single-entry GeneralNames array Section 11.8 of
[I-D.ietf-cose-cbor-encoded-cert] providing a hint in identifying
the name of the TSA. Cf. tsa, Section 2.4.2 of [RFC3161].
$$TSTInfoExtensions:
A CDDL socket (Section 3.9 of [RFC8610]) to allow extensibility of
the data format. Note that any extensions appearing here MUST
match an extension in the corresponding request. Cf. extensions,
Section 2.4.2 of [RFC3161].
Birkholz, et al. Expires 15 September 2023 [Page 8]
Internet-Draft Epoch Markers March 2023
4.1.4. Multi-Nonce
Typically, a nonce is a number only used once. In the context of
Epoch Markers, one Nonce can be distributed to multiple consumers,
each of them using that Nonce only once. Technically, that is not a
Nonce anymore. This type of Nonce is called Multi-Nonce in Epoch
Markers.
; Multi-Nonce
; a single nonce used by multiple entities
multi-nonce = tstr / bstr / int
The following describes the multi-nonce type.
multi-nonce: A never-repeating byte string used by RATS roles in a
trust domain as extra data included in the production of
conceptual messages as specified by the RATS architecture
[RFC9334] to associate them with a certain epoch.
4.1.5. Multi-Nonce-List
A list of nonces send to multiple consumer. The consumers use each
Nonce in the list of Nonces sequentially. Technically, each
sequential Nonce in the distributed list is not used just once, but
by every Epoch Marker consumer involved. This renders each Nonce in
the list a Multi-Nonce
; Multi-Nonce-List
; a list of nonces potentially used by multiple entities
multi-nonce-list = [ + multi-nonce ]
The following describes the multi-nonce type.
multi-nonce-list: A sequence of never-repeating byte strings used by
RATS roles in trust domain as extra data in the production of
conceptual messages as specified by the RATS architecture
[RFC9334] to associate them with a certain epoch. Each nonce in
the list is used in a consecutive production of a conceptual
messages. Asserting freshness of a conceptual message including a
nonce from the multi-nonce-list requires some state on the
receiver side to assess, if that nonce is the appropriate next
unused nonce from the multi-nonce-list.
Birkholz, et al. Expires 15 September 2023 [Page 9]
Internet-Draft Epoch Markers March 2023
4.1.6. Strictly Monotonically Increasing Counter
A strictly monotonically increasing counter.
The counter context is defined by the Epoch bell.
strictly-monotonic-counter = uint
The following describes the strictly-monotonic-counter type.
strictly-monotonic-counter: An unsigned integer used by RATS roles
in a trust domain as extra data in the production of of conceptual
messages as specified by the RATS architecture [RFC9334] to
associate them with a certain epoch. Each new strictly-monotonic-
counter value must be higher than the last one.
4.1.7. Stateless Nonce
In a highly available service (e.g., a cloud attestation verifier)
having to keep per-session nonce state poses scalablity problems. An
alternative is to use time-synchronised servers that share a
symmetric key, which produce and consume nonces based on coarse-
grained clock ticks that are signed using the shared secret. This
way, a nonce minted by a server in the pool can be processed by any
other server in pool, which avoids the need for session "stickiness."
A stateless-nonce supports the above use case by encoding a Posix
time (i.e., the epoch identifier), alongside a minimal set of
metadata, authenticated with a symmetric key in a self-contained and
compact token.
stateless-nonce = [
TimeToken
AuthTag: bstr .size 32
]
TimeToken = (
Version: bytes .size 1
KeyID: bytes .size 1
Timestamp: posix-time
Pad: bytes
)
posix-time = #6.1(int)
The following describes each member of the stateless-nonce array:
Version:
Birkholz, et al. Expires 15 September 2023 [Page 10]
Internet-Draft Epoch Markers March 2023
version of the TimeToken encoded as a single byte. The value MUST
be 0x01.
KeyID:
opaque identifier shared across the server pool for the signing
key used to compute AuthTag. It is semantically equivalent to the
TID field defined in Section 3.1.3 of [RFC6896].
Timestamp:
the timestamp associated with the current epoch encoded as CBOR
tag for Posix time. It MUST use the int format.
Pad:
zero or more pad bytes, used to make the stateless nonce the
desired size.
AuthTag:
HMAC [RFC2104] w/ SHA-256 computed over the CBOR serialisation of
TimeToken encoded as a 32-bytes string.
5. Security Considerations
TODO
6. IANA Considerations
// RFC Editor: please replace RFCthis with the RFC number of this RFC
// and remove this note.
6.1. New CBOR Tags
IANA is requested to allocate the following tags in the "CBOR Tags"
registry [IANA.cbor-tags], preferably with the specific CBOR tag
value requested:
Birkholz, et al. Expires 15 September 2023 [Page 11]
Internet-Draft Epoch Markers March 2023
+=======+========+===================================+===========+
| Tag | Data | Semantics | Reference |
| | Item | | |
+=======+========+===================================+===========+
| 26980 | bytes | DER-encoded RFC3161 TSTInfo | Section |
| | | | 4.1.2 of |
| | | | RFCthis |
+-------+--------+-----------------------------------+-----------+
| 26981 | map | CBOR-encoding of RFC3161 TSTInfo | Section |
| | | semantics | 4.1.3 of |
| | | | RFCthis |
+-------+--------+-----------------------------------+-----------+
| 26982 | tstr / | a nonce that is shared among many | Section |
| | bstr / | participants but that can only be | 4.1.4 of |
| | int | used once by each participant | RFCthis |
+-------+--------+-----------------------------------+-----------+
| 26983 | array | a list of multi-nonce | Section |
| | | | 4.1.5 of |
| | | | RFCthis |
+-------+--------+-----------------------------------+-----------+
| 26984 | uint | strictly monotonically increasing | Section |
| | | counter | 4.1.6 of |
| | | | RFCthis |
+-------+--------+-----------------------------------+-----------+
| 26985 | array | stateless nonce | Section |
| | | | 4.1.7 of |
| | | | RFCthis |
+-------+--------+-----------------------------------+-----------+
Table 1: New CBOR Tags
7. References
7.1. Normative References
[I-D.ietf-cbor-time-tag]
Bormann, C., Gamari, B., and H. Birkholz, "Concise Binary
Object Representation (CBOR) Tags for Time, Duration, and
Period", Work in Progress, Internet-Draft, draft-ietf-
cbor-time-tag-05, 13 March 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-cbor-
time-tag-05>.
Birkholz, et al. Expires 15 September 2023 [Page 12]
Internet-Draft Epoch Markers March 2023
[I-D.ietf-cose-cbor-encoded-cert]
Mattsson, J. P., Selander, G., Raza, S., Höglund, J., and
M. Furuhed, "CBOR Encoded X.509 Certificates (C509
Certificates)", Work in Progress, Internet-Draft, draft-
ietf-cose-cbor-encoded-cert-05, 10 January 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-cose-
cbor-encoded-cert-05>.
[IANA.cbor-tags]
IANA, "Concise Binary Object Representation (CBOR) Tags",
<https://www.iana.org/assignments/cbor-tags>.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997,
<https://doi.org/10.17487/RFC2104>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://doi.org/10.17487/RFC2119>.
[RFC3161] Adams, C., Cain, P., Pinkas, D., and R. Zuccherato,
"Internet X.509 Public Key Infrastructure Time-Stamp
Protocol (TSP)", RFC 3161, DOI 10.17487/RFC3161, August
2001, <https://doi.org/10.17487/RFC3161>.
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
RFC 5652, DOI 10.17487/RFC5652, September 2009,
<https://doi.org/10.17487/RFC5652>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://doi.org/10.17487/RFC8174>.
[RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data
Definition Language (CDDL): A Notational Convention to
Express Concise Binary Object Representation (CBOR) and
JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610,
June 2019, <https://doi.org/10.17487/RFC8610>.
[RFC9054] Schaad, J., "CBOR Object Signing and Encryption (COSE):
Hash Algorithms", RFC 9054, DOI 10.17487/RFC9054, August
2022, <https://doi.org/10.17487/RFC9054>.
Birkholz, et al. Expires 15 September 2023 [Page 13]
Internet-Draft Epoch Markers March 2023
[RFC9090] Bormann, C., "Concise Binary Object Representation (CBOR)
Tags for Object Identifiers", RFC 9090,
DOI 10.17487/RFC9090, July 2021,
<https://doi.org/10.17487/RFC9090>.
[RFC9334] Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
W. Pan, "Remote ATtestation procedureS (RATS)
Architecture", RFC 9334, DOI 10.17487/RFC9334, January
2023, <https://doi.org/10.17487/RFC9334>.
[STD94] Bormann, C. and P. Hoffman, "Concise Binary Object
Representation (CBOR)", STD 94, RFC 8949,
DOI 10.17487/RFC8949, December 2020,
<https://doi.org/10.17487/RFC8949>.
[STD96] Schaad, J., "CBOR Object Signing and Encryption (COSE):
Structures and Process", STD 96, RFC 9052,
DOI 10.17487/RFC9052, August 2022,
<https://doi.org/10.17487/RFC9052>.
[X.690] International Telecommunications Union, "Information
technology -- ASN.1 encoding rules: Specification of Basic
Encoding Rules (BER), Canonical Encoding Rules (CER) and
Distinguished Encoding Rules (DER)", ITU-T Recommendation
X.690, August 2015, <https://www.itu.int/rec/T-REC-X.690>.
7.2. Informative References
[I-D.birkholz-scitt-receipts]
Birkholz, H., Riechert, M., Delignat-Lavaud, A., and C.
Fournet, "Countersigning COSE Envelopes in Transparency
Services", Work in Progress, Internet-Draft, draft-
birkholz-scitt-receipts-02, 24 October 2022,
<https://datatracker.ietf.org/doc/html/draft-birkholz-
scitt-receipts-02>.
[I-D.ietf-rats-architecture]
Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
W. Pan, "Remote ATtestation procedureS (RATS)
Architecture", Work in Progress, Internet-Draft, draft-
ietf-rats-architecture-22, 28 September 2022,
<https://datatracker.ietf.org/doc/html/draft-ietf-rats-
architecture-22>.
[I-D.ietf-rats-reference-interaction-models]
Birkholz, H., Eckel, M., Pan, W., and E. Voit, "Reference
Interaction Models for Remote Attestation Procedures",
Work in Progress, Internet-Draft, draft-ietf-rats-
Birkholz, et al. Expires 15 September 2023 [Page 14]
Internet-Draft Epoch Markers March 2023
reference-interaction-models-07, 10 March 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-rats-
reference-interaction-models-07>.
[RFC6896] Barbato, S., Dorigotti, S., and T. Fossati, Ed., "SCS:
KoanLogic's Secure Cookie Sessions for HTTP", RFC 6896,
DOI 10.17487/RFC6896, March 2013,
<https://doi.org/10.17487/RFC6896>.
Appendix A. Examples
The example in Figure 2 shows an epoch marker with a cbor-epoch-id
and no bell veracity proof.
[
/ cbor-epoch-id / [
/ 1996-12-19T16:39:57-08:00[America//Los_Angeles][u-ca=hebrew] /
/ etime / 1001({
1: 851042397,
-10: "America/Los_Angeles",
-11: { "u-ca": "hebrew" }
})
]
/ no bell veracity proof /
]
Figure 2: CBOR epoch id without bell veracity proof
A.1. RFC 3161 TSTInfo
As a reference for the definition of TST-info-based-on-CBOR-time-tag
the code block below depects the original layout of the TSTInfo
structure from [RFC3161].
Birkholz, et al. Expires 15 September 2023 [Page 15]
Internet-Draft Epoch Markers March 2023
TSTInfo ::= SEQUENCE {
version INTEGER { v1(1) },
policy TSAPolicyId,
messageImprint MessageImprint,
-- MUST have the same value as the similar field in
-- TimeStampReq
serialNumber INTEGER,
-- Time-Stamping users MUST be ready to accommodate integers
-- up to 160 bits.
genTime GeneralizedTime,
accuracy Accuracy OPTIONAL,
ordering BOOLEAN DEFAULT FALSE,
nonce INTEGER OPTIONAL,
-- MUST be present if the similar field was present
-- in TimeStampReq. In that case it MUST have the same value.
tsa [0] GeneralName OPTIONAL,
extensions [1] IMPLICIT Extensions OPTIONAL }
Acknowledgements
TBD
Authors' Addresses
Henk Birkholz
Fraunhofer SIT
Rheinstrasse 75
64295 Darmstadt
Germany
Email: henk.birkholz@sit.fraunhofer.de
Thomas Fossati
Arm Limited
United Kingdom
Email: Thomas.Fossati@arm.com
Wei Pan
Huawei Technologies
Email: william.panwei@huawei.com
Carsten Bormann
Universität Bremen TZI
Bibliothekstr. 1
D-28359 Bremen
Germany
Birkholz, et al. Expires 15 September 2023 [Page 16]
Internet-Draft Epoch Markers March 2023
Phone: +49-421-218-63921
Email: cabo@tzi.org
Birkholz, et al. Expires 15 September 2023 [Page 17]