
Nonce-based Freshness for Attestation in Certification Requests for use with the Certification Management Protocol

Document Type: Replaced Internet-Draft (individual), expired & archived
Authors: Hannes Tschofenig, Hendrik Brockhaus
Last updated: 2023-08-01
Replaced by: draft-tschofenig-lamps-nonce-cmp-est
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Replaced by draft-tschofenig-lamps-nonce-cmp-est
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.


The Certificate Management Protocol (CMP) defines protocol messages for X.509v3 certificate creation and management. CMP provides interactions between client systems and PKI components, such as a Registration Authority (RA) and a Certification Authority (CA). CMP allows an RA/CA to inform an end entity about the information it has to provide in a certification request. When an end entity places attestation information in the form of evidence in a certification signing request (CSR), it may need to demonstrate the freshness of the provided evidence. Attestation technology today often accomplishes this task with the help of nonces. This document specifies how nonces are provided by an RA/CA to the end entity for inclusion in evidence.

