The Entity Attestation Token (EAT)
draft-ietf-rats-eat-31

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-rats-eat@ietf.org, ned.smith@intel.com, rats-chairs@ietf.org, rats@ietf.org, rdd@cert.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'The Entity Attestation Token (EAT)' to Proposed Standard (draft-ietf-rats-eat-29.txt)

The IESG has approved the following document:
- 'The Entity Attestation Token (EAT)'
  (draft-ietf-rats-eat-29.txt) as Proposed Standard

This document is the product of the Remote ATtestation ProcedureS Working
Group.

The IESG contact persons are Paul Wouters, Deb Cooley and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-rats-eat/

Ballot Text

Technical Summary

   An Entity Attestation Token (EAT) provides an attested claims set
   that describes state and characteristics of an entity, a device like
   a smartphone, IoT device, network equipment or such.  This claims set
   is used by a relying party, server or service to determine how much
   it wishes to trust the entity.

   An EAT is either a CBOR Web Token (CWT) or JSON Web Token (JWT) with
   attestation-oriented claims.

Working Group Summary

In additional to the history noted in the shepherd report, the WG held significant discussions on which claims should be sought for early allocation.

-24 of this document was already approved by the IESG in January 2024.  It sat in the RFCEditor queue with a MISREF state waiting for draft-ietf-suit-manifest to progress.  As it became clear that the dependencies that draft-ietf-suit-manifest was waiting on were not going to be ready in the near future.  The small dependency this document had on the SUIT work was removed.  It ensure this revision was properly coordinated and had consensus, this document was removed from the RFC Editor queue, and underwent another WG and IETF LC.  Now this document is returning for a second IESG review.

Document Quality

   EAT Libraries:
        - CBOR Formats - open source project
                o Rust:  https://github.com/carl-wallace/cbor_formats
        - EAT library - open source project
                o C: https://github.com/laurencelundblade/ctoken
        - A command line utility based on EAT library - open source project
                o C: https://github.com/laurencelundblade/xclaim
   EAT Profiles:
        - PSA
                o Golang: https://github.com/veraison/psatoken
                o C: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/partitions/initial_attestation
                o Python: https://git.trustedfirmware.org/TF-M/tf-m-tools.git/tree/iat-verifier
        - CCA
                o Golang: https://github.com/veraison/ccatoken
                o C: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tree/lib/attestation
        - FIDO FDO - open source project
                o Java: https://github.com/secure-device-onboard/pri-fidoiot/blob/master/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/EatPayloadBase.java.
        - Global Platform - very early code of an EAT profile, may evolve into
        open source
                o https://github.com/GlobalPlatform/TPS-API-Reference-Implementations.
        - Microsoft Azure Attestation - proprietary
                o https://github.com/CCC-Attestation/meetings/blob/main/materials/GregKostal_EAT_in_MAA.pdf

Personnel

   The Document Shepherd for this document is Ned Smith. The Responsible
   Area Director is Roman Danyliw.

RFC Editor Note