Nonce-based Freshness for Remote Attestation in Certificate Signing Requests (CSRs) for the Certification Management Protocol (CMP) and for Enrollment over Secure Transport (EST)
draft-tschofenig-lamps-nonce-cmp-est-01
| Document | Type | Replaced Internet-Draft (lamps WG); Expired & archived |
|---|---|---|
| | Authors | Hannes Tschofenig, Hendrik Brockhaus |
| | Last updated | 2024-04-03 (Latest revision 2024-03-03) |
| | Replaces | draft-tschofenig-lamps-nonce-for-cmp |
| | Replaced by | draft-ietf-lamps-attestation-freshness |
| | RFC stream | Internet Engineering Task Force (IETF) |
| | Intended RFC status | (None) |
| | Additional resources | Mailing list discussion |
| Stream | WG state | Candidate for WG Adoption |
| | Document shepherd | (None) |
| IESG | IESG state | Replaced by draft-ietf-lamps-attestation-freshness |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active.
Abstract
Certificate Management Protocol (CMP) and Enrollment over Secure Transport (EST) define protocol messages for X.509v3 certificate creation and management. Both protocols provide interactions between client systems and PKI management entities, such as a Registration Authority (RA) and a Certification Authority (CA). CMP and EST allow an RA/CA to request additional information it has to provide in a certification request. When an end entity places attestation Evidence in a Certificate Signing Request (CSR), it may need to demonstrate freshness of the provided Evidence. Attestation technology today often accomplishes this task with the help of nonces. This document specifies how nonces are provided by an RA/CA to the end entity for inclusion in Evidence.
Authors
Hannes Tschofenig
Hendrik Brockhaus
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)