Nonce-based Freshness for Remote Attestation in Certificate Signing Requests (CSRs) for the Certification Management Protocol (CMP) and for Enrollment over Secure Transport (EST)
draft-tschofenig-lamps-nonce-cmp-est-01

Document type: Replaced Internet-Draft (lamps WG); expired & archived
Authors: Hannes Tschofenig, Hendrik Brockhaus
Last updated: 2024-04-03 (latest revision 2024-03-03)
Replaces: draft-tschofenig-lamps-nonce-for-cmp
Replaced by: draft-ietf-lamps-attestation-freshness
RFC stream: Internet Engineering Task Force (IETF)
Intended RFC status: (None)
Additional resources: Mailing list discussion
WG state: Candidate for WG Adoption
Document shepherd: (None)
IESG state: Replaced by draft-ietf-lamps-attestation-freshness
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

Abstract

Certificate Management Protocol (CMP) and Enrollment over Secure Transport (EST) define protocol messages for X.509v3 certificate creation and management. Both protocols provide interactions between client systems and PKI management entities, such as a Registration Authority (RA) and a Certification Authority (CA). CMP and EST allow an RA/CA to request additional information that the end entity has to provide in a certification request. When an end entity places attestation Evidence in a Certificate Signing Request (CSR), it may need to demonstrate the freshness of the provided Evidence. Attestation technology today often accomplishes this task with the help of nonces. This document specifies how nonces are provided by an RA/CA to the end entity for inclusion in Evidence.

Authors

Hannes Tschofenig
Hendrik Brockhaus
