Skip to main content

Use of Attestation with Certification Signing Requests
draft-ounsworth-csr-attestation-00

Document Type Replaced Internet-Draft (lamps WG)
Expired & archived
Authors Mike Ounsworth , Hannes Tschofenig
Last updated 2023-09-29 (Latest revision 2023-07-08)
Replaced by draft-ietf-lamps-csr-attestation
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Formats
Additional resources Mailing list discussion
Stream WG state Adopted by a WG
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-lamps-csr-attestation
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

Utilizing information from a device or hardware security module about its posture can help to improve security of the overall system. Information about the manufacturer of the hardware, the version of the firmware running on this hardware and potentially about the layers of software above the firmware, the presence of hardware security functionality to protect keys and many more properties can be made available to remote parties in a cryptographically secured way. This functionality is accomplished with attestation technology. This document describes extensions to encode evidence produced by an attester for inclusion in PKCS10 certificate signing requests. More specifically, two new ASN.1 Attribute definitions, and an ASN.1 CLASS definition to convey attestation information to a Registration Authority or to a Certification Authority are described.

Authors

Mike Ounsworth
Hannes Tschofenig

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)