Limited Additional Mechanisms for PKIX and SMIME              C. Wallace
Internet-Draft                                                 Red Hound
Intended status: Standards Track                               S. Turner
Expires: 24 December 2022                                          sn3rd
                                                            22 June 2022


     Key Attestation Extension for Certificate Management Protocols
               draft-wallace-lamps-key-attestation-ext-00

Abstract

   Certification Authorities (CAs) issue certificates for public keys
   conveyed to the CA via a certificate management message or protocol.
   In some cases, a CA may wish to tailor certificate contents based on
   whether the corresponding private key is secured by hardware in non-
   exportable form.  This document describes extensions that may be
   included in any of several widely used certificate management
   protocols to convey attestations about the private key to the CA to
   support this determination.

About This Document

   This note is to be removed before publishing as an RFC.

   Status information for this document may be found at
   https://datatracker.ietf.org/doc/draft-wallace-lamps-key-attestation-
   ext/.

   Discussion of this document takes place on the spasm Working Group
   mailing list (mailto:spasm@ietf.org), which is archived at
   https://mailarchive.ietf.org/arch/browse/spasm/.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."




Wallace & Turner        Expires 24 December 2022                [Page 1]


Internet-Draft          Key Attestation Extension              June 2022


   This Internet-Draft will expire on 24 December 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   4
   3.  Key Attestation Attribute or Extension  . . . . . . . . . . .   4
     3.1.  Usage in PKCS #10 requests  . . . . . . . . . . . . . . .   5
     3.2.  Usage in CRMF requests  . . . . . . . . . . . . . . . . .   5
   4.  Example extension . . . . . . . . . . . . . . . . . . . . . .   5
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  16
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  17
     6.1.  Key attestation extension object identifier . . . . . . .  17
     6.2.  Key attestation extension ASN.1 module object
           identifier  . . . . . . . . . . . . . . . . . . . . . . .  17
     6.3.  Attestation statement formats . . . . . . . . . . . . . .  17
   7.  ASN.1 Module  . . . . . . . . . . . . . . . . . . . . . . . .  17
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  18
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  18
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  20
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  20
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  20

1.  Introduction

   Many different certificate management protocols exist, including:

   *  PKCS #10 [RFC2986]

   *  Simple Certificate Enrolment Protocol (SCEP) [RFC8894]

   *  Certificate Management over CMS (CMC) [RFC5272]

   *  Certificate Management Protocol (CMP) [RFC4210]

   *  Certificate Request Management Format (CRMF) [RFC4211]

   *  Enrollment over Secure Transport (EST) [RFC7030]

   *  Automatic Certificate Management Environment (ACME) [RFC8555]

   Each of these specifications defines extensibility mechanisms to
   customize requests sent to a Certification Authority (CA),
   Registration Authority (RA), or certificate management server.  This
   document addresses the first six specifications in the above list, as
   all can be customized using attributes or extensions.  [RFC8555] is
   somewhat different and is addressed by
   [I-D.draft-bweeks-acme-device-attest].

   Many operating system and device vendors offer functionality enabling
   a device to generate a cryptographic attestation that can be used to
   establish the provenance of a key:

   *  Android Key Attestation
      (https://source.android.com/security/keystore/attestation)

   *  Trusted Platform Module (https://docs.microsoft.com/en-us/windows-
      server/identity/ad-ds/manage/component-updates/tpm-key-
      attestation)

   *  Apple Key Attestation
      (https://developer.apple.com/documentation/devicecheck/
      dcappattestservice/3573911-attestkey)

   *  Yubico PIV Attestation
      (https://developers.yubico.com/PIV/Introduction/
      PIV_attestation.html)

   [WebAuthn] defines an "API enabling the creation and use of strong,
   attested, scoped, public key-based credentials by web applications,
   for the purpose of strongly authenticating users."  In support of
   this goal, it defines a model and corresponding formats to support
   attestation functionality.  Section 6.5 of [WebAuthn] describes the
   general attestation structure and Section 8 defines some specific
   attestation formats.  Similar to
   [I-D.draft-bweeks-acme-device-attest], this specification uses the
   attestation object definition from [WebAuthn] as a means of
   supporting a variety of attestation formats, which are defined in the
   IANA registry that was established by [RFC8809]; see [WebAuthnReg].

   This document defines a structure, KeyAttestation, that can be used
   to convey a [WebAuthn] attestation statement as an attribute or
   extension when using the protocols listed above.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Key Attestation Attribute or Extension

   A key attestation attribute or extension MAY be included in
   certificate request messages to convey an attestation statement for
   the private key corresponding to the public key contained in the
   request.  The attribute definition and the certificate extension
   definition are exactly the same, and they are identified by the same
   object identifier.

   ext-keyAttestation EXTENSION ::= {
     SYNTAX KeyAttestation IDENTIFIED BY id-pe-keyAttestation }

   attr-keyAttestation ATTRIBUTE ::= {
     SYNTAX KeyAttestation IDENTIFIED BY id-pe-keyAttestation }

   id-pe-keyAttestation OBJECT IDENTIFIER ::=  { id-pe TBD }

   KeyAttestation ::= SEQUENCE {
     hardwareSecured  BOOLEAN DEFAULT FALSE,
     attestationStatement OCTET STRING
   }

   The structure consists of two fields, hardwareSecured and
   attestationStatement.  Where the hardwareSecured field is set to
   TRUE, the private key corresponding to the public key in the request
   MUST NOT be exportable from the cryptoprocessor.  The
   attestationStatement field carries an attestation statement as
   defined in [WebAuthn], encoded as an OCTET STRING.

   While the format of an attestation statement varies, every
   attestation statement format conveyed via a keyAttestation extension
   MUST include the public key that is the subject of the corresponding
   certificate management request.  Certificate request messages that
   contain a key attestation that does not include a public key, or
   that contain a public key that does not match the public key in the
   certificate request, SHOULD be rejected with no certificate issued;
   however, a CA MAY elect to issue a certificate as if the request did
   not contain a key attestation, per local policy.

   Some attestation statement formats support the use of challenge
   password or nonce values.  While the means of conveying a challenge
   password value or a nonce value to certificate request clients is
   outside the scope of this document, SCEP [RFC8894], CMC [RFC5272],
   CMP [RFC4210] and EST [RFC7030] each define a means of conveying
   nonce values to certificate request clients.  In some cases,
   challenge password or nonce values may be conveyed outside of a
   certificate management protocol.  For example, SCEP payloads in
   Apple's Over-the-Air Profile Delivery and Configuration specification
   [OTA] deliver challenge passwords in an XML-formatted set of
   instructions.

   Similarly, the use and verification of a nonce value relative to an
   attestation statement is outside the scope of this document.
   Verification procedures for currently defined attestation statement
   formats can be found in Section 8 of [WebAuthn].  Certificate request
   messages that contain a key attestation that cannot be validated,
   including processing of any nonce or challenge password values,
   SHOULD be rejected with no certificate issued; however, a CA MAY
   elect to issue a certificate as if the request did not contain a key
   attestation, per local policy.

3.1.  Usage in PKCS #10 requests

   The PKCS #10 structure may be used directly or in SCEP, CMC, CMP or
   EST contexts.  Where PKCS #10 is used, the public key in the
   attestation statement MUST match the public key in the
   CertificationRequestInfo.subjectPKInfo field and the keyAttestation
   attribute MUST appear in the CertificationRequestInfo.attributes
   field.

3.2.  Usage in CRMF requests

   The CRMF structure may be used in CMC, CMP or EST.  Where CRMF is
   used, the public key in the attestation statement MUST match the
   public key in the CertTemplate.publicKey field and the keyAttestation
   extension MUST appear in the CertTemplate.extensions field.
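   The KeyAttestation structure and the acceptance rules of Sections 3
   through 3.2, as an added example that is not part of the draft: a
   strict DER encoder/decoder (DER omits hardwareSecured when it equals
   its DEFAULT of FALSE, which is why the draft's example carries
   BOOLEAN TRUE explicitly), a minimal reader for the CBOR "fmt" value
   of a [WebAuthn] attestation object, and the CA's accept/reject
   decision, where request_public_key is the PKCS #10 subjectPKInfo or
   the CRMF CertTemplate.publicKey.  The names ca_decision, Decision,
   verify_statement and SAMPLE_STATEMENT are assumptions, and the
   format-specific verification is a caller-supplied callback because
   the draft leaves it out of scope.

```python
from enum import Enum

def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def read_tlv(buf: bytes, pos: int):
    """Parse one TLV at pos, enforcing DER's minimal length encoding.
    Returns (tag, value, position just after the element)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + 2 + n > len(buf):
            raise ValueError("bad long-form length")
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
        if length < 0x80 or len(der_len(length)) != n + 1:
            raise ValueError("non-minimal length encoding is not DER")
    start, end = pos + hdr, pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[start:end], end

def encode_key_attestation(hardware_secured: bool, statement: bytes) -> bytes:
    """KeyAttestation ::= SEQUENCE { hardwareSecured BOOLEAN DEFAULT FALSE,
    attestationStatement OCTET STRING }.  DER omits a component equal to its
    DEFAULT, so hardwareSecured is present only when TRUE (01 01 FF)."""
    body = b"\x01\x01\xff" if hardware_secured else b""
    body += b"\x04" + der_len(len(statement)) + statement
    return b"\x30" + der_len(len(body)) + body

def decode_key_attestation(der: bytes):
    """Strict DER decode; returns (hardware_secured, attestation_statement)."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    hardware_secured = False
    tag, val, nxt = read_tlv(seq, 0)
    if tag == 0x01:
        # 00 would be an explicit DEFAULT FALSE, which DER forbids.
        if val != b"\xff":
            raise ValueError("BOOLEAN must be absent (FALSE) or FF (TRUE)")
        hardware_secured = True
        tag, val, nxt = read_tlv(seq, nxt)
    if tag != 0x04 or nxt != len(seq):
        raise ValueError("expected attestationStatement OCTET STRING last")
    return hardware_secured, val

def attestation_format(statement: bytes) -> str:
    """Read the WebAuthn attestation object's "fmt" value.  Only the CBOR
    needed for that is handled: a map whose first entry is the short text
    key "fmt" with a short text value, as in the draft's example
    (A3 63 'fmt' 6F 'apple-appattest' ...)."""
    def short_text(pos):
        if pos >= len(statement) or statement[pos] >> 5 != 3:
            raise ValueError("expected a CBOR text string")
        n = statement[pos] & 0x1F
        if n >= 24 or pos + 1 + n > len(statement):
            raise ValueError("unsupported or truncated CBOR text string")
        return statement[pos + 1:pos + 1 + n].decode("utf-8"), pos + 1 + n
    if not statement or statement[0] >> 5 != 5:
        raise ValueError("attestation object must be a CBOR map")
    key, pos = short_text(1)
    if key != "fmt":
        raise ValueError("first map entry is not fmt")
    return short_text(pos)[0]

class Decision(Enum):
    ISSUE_ATTESTED = "issue; rely on the attestation"
    ISSUE_UNATTESTED = "issue as if no key attestation were present"
    REJECT = "reject; no certificate issued"

def ca_decision(der, request_public_key, verify_statement, lenient=False):
    """Section 3 rules: a statement that cannot be validated or whose public
    key is missing or differs from the request's is rejected (SHOULD) or,
    under lenient local policy, treated as absent (MAY).  verify_statement
    is the caller's format-specific check (WebAuthn Section 8) and returns
    the attested public key bytes, or None."""
    try:
        hardware_secured, stmt = decode_key_attestation(der)
        attested_key = verify_statement(stmt)
    except ValueError:
        attested_key = None
    if attested_key is None or attested_key != request_public_key:
        return (Decision.ISSUE_UNATTESTED if lenient else Decision.REJECT), False
    return Decision.ISSUE_ATTESTED, hardware_secured

# Constructed sample (not real data): the CBOR map
# {"fmt": "apple-appattest", "attStmt": {}, "authData": h''}.
SAMPLE_STATEMENT = bytes.fromhex(
    "A3 63 666D74 6F 6170706C652D617070617474657374"
    "67 61747453746D74 A0 68 6175746844617461 40")
```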

4.  Example extension

   The example extension below features a CBOR-encoded attestation
   statement of type "apple-appattest", which was generated using the
   attestKey (https://developer.apple.com/documentation/devicecheck/
   dcappattestservice/3573911-attestkey) method.

      0 5199: SEQUENCE {
      4    1:   BOOLEAN TRUE
      7 5192:   OCTET STRING
            :     0D 41 A2 EA B8 22 58 20 0A FB A4 7F 34 39 00 7F
            :     B6 7F 07 30 75 D2 34 96 6F 83 08 F2 FD 0B 3C D3
            :     47 FA 72 11 4A 26 74 67
            :   }

   The contents of the attestationStatement field in the above example
   are shown below in JSON-style diagnostic notation, with byte strings
   written as h'...' hex literals.

   {"fmt": "apple-appattest", "attStmt": {"x5c":
   [h'
   308202D93082025FA0030201020206018102CAEBC8300A06082A8648CE3D040302304
   F3123302106035504030C1A4170706C6520417070204174746573746174696F6E2043
   41203131133011060355040A0C0A4170706C6520496E632E3113301106035504080C0
   A43616C69666F726E6961301E170D3232303532353233353432325A170D3232303532
   383233353432325A3081913149304706035504030C403331346564623966626466343
   566616532303266396337313164623038343633656161363164316566626132326330
   3066346330643332336133383736316134311A3018060355040B0C114141412043657
   274696669636174696F6E31133011060355040A0C0A4170706C6520496E632E311330
   1106035504080C0A43616C69666F726E69613059301306072A8648CE3D020106082A8
   648CE3D03010703420004B93E33811520245AE150DF87055F9667324A3BCAA1C0C9F0
   7AA2130D41A2EAB80AFBA47F3439007FB67F073075D234966F8308F2FD0B3CD347FA7
   2114A267467A381E33081E0300C0603551D130101FF04023000300E0603551D0F0101
   FF0404030204F0307006092A864886F76364080504633061A40302010ABF893003020
   101BF893103020100BF893203020101BF893303020101BF8934180416324642454C48
   5237324E2E4174746573745465737433A5060404736B7320BF893603020105BF89370
   3020100BF893903020100BF893A03020100301906092A864886F763640807040C300A
   BF8A7806040431352E35303306092A864886F76364080204263024A122042014CA34E
   945E603AECF8570E4B68147DF80493B77709AAFAD5429FDE7223D1B24300A06082A86
   48CE3D0403020368003065023100CD6CB7169FCDAB4BCBB7C69AE93E0078117A2CE71
   7C52E349247EF93646A4A262D80709F1132A5F516E73F14FD90211602303DDAEA07EA
   AA6E4970DA39A50C0B929BAAD5A63F15C80FB5C0FC22E06E36B79F8707983795C53CF
   EE52011C0585BD064',
   h'
   30820243308201C8A003020102021009BAC5E1BC401AD9D45395BC381A0854300A060
   82A8648CE3D04030330523126302406035504030C1D4170706C652041707020417474
   6573746174696F6E20526F6F7420434131133011060355040A0C0A4170706C6520496
   E632E3113301106035504080C0A43616C69666F726E6961301E170D32303033313831
   38333935355A170D3330303331333030303030305A304F3123302106035504030C1A4
   170706C6520417070204174746573746174696F6E204341203131133011060355040A
   0C0A4170706C6520496E632E3113301106035504080C0A43616C69666F726E6961307
   6301006072A8648CE3D020106052B8104002203620004AE5B37A0774D79B2358F40E7
   D1F22626F1C25FEF17802DEAB3826A59874FF8D2AD1525789AA26604191248B63CB96
   7069E98D363BD5E370FBFA08E329E8073A985E7746EA359A2F66F29DB32AF455E2116
   58D567AF9E267EB2614DC21A66CE99A366306430120603551D130101FF04083006010
   1FF020100301F0603551D23041830168014AC91105333BDBE6841FFA70CA9E5FAEAE5
   E58AA1301D0603551D0E041604143EE35D1C0419A9C9B431F88474D6E1E15772E39B3
   00E0603551D0F0101FF040403020106300A06082A8648CE3D04030303690030660231
   00BBBE888D738D0502CFBCFD666D09575035BCD6872C3F8430492629EDD1F914E8799
   91C9AE8B5AEF8D3A85433F7B60D06023100AB38EDD0CC81ED00A452C3BA44F9936365
   53FECC297F2EB4DF9F5EBE5A4ACAB6995C4B820DF904386F7807BB589439B7'],
   "receipt":
   h'
   308006092A864886F70D010702A0803080020101310F300D060960864801650304020
   10500308006092A864886F70D010701A0802480048203E8318203FC301E0201020201
   010416324642454C485237324E2E4174746573745465737433308202E702010302010
   1048202DD308202D93082025FA0030201020206018102CAEBC8300A06082A8648CE3D
   040302304F3123302106035504030C1A4170706C65204170702041747465737461746
   96F6E204341203131133011060355040A0C0A4170706C6520496E632E311330110603
   5504080C0A43616C69666F726E6961301E170D3232303532353233353432325A170D3
   232303532383233353432325A3081913149304706035504030C403331346564623966
   626466343566616532303266396337313164623038343633656161363164316566626
   1323263303066346330643332336133383736316134311A3018060355040B0C114141
   412043657274696669636174696F6E31133011060355040A0C0A4170706C6520496E6
   32E3113301106035504080C0A43616C69666F726E69613059301306072A8648CE3D02
   0106082A8648CE3D03010703420004B93E33811520245AE150DF87055F9667324A3BC
   AA1C0C9F07AA2130D41A2EAB80AFBA47F3439007FB67F073075D234966F8308F2FD0B
   3CD347FA72114A267467A381E33081E0300C0603551D130101FF04023000300E06035
   51D0F0101FF0404030204F0307006092A864886F76364080504633061A40302010ABF
   893003020101BF893103020100BF893203020101BF893303020101BF8934180416324
   642454C485237324E2E4174746573745465737433A5060404736B7320BF8936030201
   05BF893703020100BF893903020100BF893A03020100301906092A864886F76364080
   7040C300ABF8A7806040431352E35303306092A864886F76364080204263024A12204
   2014CA34E945E603AECF8570E4B68147DF80493B77709AAFAD5429FDE7223D1B24300
   A06082A8648CE3D0403020368003065023100CD6CB7169FCDAB4BCBB7C69AE93E0078
   117A2CE717C52E349247EF93646A4A262D80709F1132A5F516E73F14FD90211602303
   DDAEA07EAAA6E4970DA39A50C0B929BAAD5A63F15C80FB5C0FC22E06E36B79F870798
   3795C53CFEE52011C0585BD064302802010402010104204BB4F5F1217EED8AEF2AEFA
   490621D1900B5BE052A7F343E0D1EF426E0C8D0233060020105020101045867723164
   6E636B564171347239453763623745616A5A424356637736456373695335525269674
   250386870424D5866744A5A2B56324455376A4E30596D56717A356A4C375731617175
   64356D5A37486E796F6B6B43673D3D300E0201060201010406415454455354300F020
   107020101040773616E64626F78302002010C0201010418323032322D30352D323654
   32333A35343A32322E3036325A302002011502010104180418323032322D30382D323
   45432333A35343A32322E3036325A000000000000A080308203AE30820354A0030201
   0202100939B4BCE90CC3A1816536372F667141300A06082A8648CE3D040302307C313
   0302E06035504030C274170706C65204170706C69636174696F6E20496E7465677261
   74696F6E2043412035202D20473131263024060355040B0C1D4170706C65204365727
   4696669636174696F6E20417574686F7269747931133011060355040A0C0A4170706C
   6520496E632E310B3009060355040613025553301E170D32323034313931333333303
   35A170D3233303531393133333330325A305A3136303406035504030C2D4170706C69
   636174696F6E204174746573746174696F6E204672617564205265636569707420536
   9676E696E6731133011060355040A0C0A4170706C6520496E632E310B300906035504
   06130255533059301306072A8648CE3D020106082A8648CE3D0301070342000439D4F
   9AA9B1CC445D65BA617ACF2C084EC6F0708D59014A0E76ECF3DEE3999A94C6BFB0155
   105555646CDA8E23E026011402D07E13B9541FD8B4D657D82E9378A38201D8308201D
   4300C0603551D130101FF04023000301F0603551D23041830168014D917FE4B679038
   4B92F4DBCED55780140B8F3DC9304306082B0601050507010104373035303306082B0
   60105050730018627687474703A2F2F6F6373702E6170706C652E636F6D2F6F637370
   30332D616169636135673130313082011C0603551D20048201133082010F3082010B0
   6092A864886F7636405013081FD3081C306082B060105050702023081B60C81B35265
   6C69616E6365206F6E207468697320636572746966696361746520627920616E79207
   06172747920617373756D657320616363657074616E6365206F662074686520746865
   6E206170706C696361626C65207374616E64617264207465726D7320616E6420636F6
   E646974696F6E73206F66207573652C20636572746966696361746520706F6C696379
   20616E642063657274696669636174696F6E2070726163746963652073746174656D6
   56E74732E303506082B060105050702011629687474703A2F2F7777772E6170706C65
   2E636F6D2F6365727469666963617465617574686F72697479301D0603551D0E04160
   414FB67D30DBF73B792A6265D488D2CC11D95E273F8300E0603551D0F0101FF040403
   020780300F06092A864886F763640C0F04020500300A06082A8648CE3D04030203480
   030450221009490A0673773E72F7829367623B8DD51D7C89A09EABB00E39C6E450B05
   580BD0022047341A2BD13CC054A80A3AAACC3CC1457C00545318EA338D7D6DD5F60B2
   B872E308202F93082027FA003020102021056FB83D42BFF8DC3379923B55AAE6EBD30
   0A06082A8648CE3D0403033067311B301906035504030C124170706C6520526F6F742
   04341202D20473331263024060355040B0C1D4170706C652043657274696669636174
   696F6E20417574686F7269747931133011060355040A0C0A4170706C6520496E632E3
   10B3009060355040613025553301E170D3139303332323137353333335A170D333430
   3332323030303030305A307C3130302E06035504030C274170706C65204170706C696
   36174696F6E20496E746567726174696F6E2043412035202D20473131263024060355
   040B0C1D4170706C652043657274696669636174696F6E20417574686F72697479311
   33011060355040A0C0A4170706C6520496E632E310B30090603550406130255533059
   301306072A8648CE3D020106082A8648CE3D0301070342000492CE63BD7D86B1AB280
   A3B1CE1AFFB04948091ACF631DFA6CB28356F444BE121E557DD128D8DBA827C95BE49
   FABE33CAAECD0419F12F4325FAF4BEB3CB837EBAA381F73081F4300F0603551D13010
   1FF040530030101FF301F0603551D23041830168014BBB0DEA15833889AA48A99DEBE
   BDEBAFDACB24AB304606082B06010505070101043A3038303606082B0601050507300
   1862A687474703A2F2F6F6373702E6170706C652E636F6D2F6F63737030332D617070
   6C65726F6F746361673330370603551D1F0430302E302CA02AA0288626687474703A2
   F2F63726C2E6170706C652E636F6D2F6170706C65726F6F74636167332E63726C301D
   0603551D0E04160414D917FE4B6790384B92F4DBCED55780140B8F3DC9300E0603551
   D0F0101FF0404030201063010060A2A864886F7636406020304020500300A06082A86
   48CE3D04030303680030650231008D6FA69FA1E0E4EC5B4E738A927F3D7853988FF4D
   A1F581EC3754AFE38A84C2A831A1AAA0DA6646DE1B993E8D1554CED0230673B2CB4E1
   E8370777CBD5EC76A81A3A553B3F356AC8C5E692B0E161BE804969E45F2BA96CE1110
   2AACC61D938B7734A30820243308201C9A00302010202082DC5FC88D2C54B95300A06
   082A8648CE3D0403033067311B301906035504030C124170706C6520526F6F7420434
   1202D20473331263024060355040B0C1D4170706C652043657274696669636174696F
   6E20417574686F7269747931133011060355040A0C0A4170706C6520496E632E310B3
   009060355040613025553301E170D3134303433303138313930365A170D3339303433
   303138313930365A3067311B301906035504030C124170706C6520526F6F742043412
   02D20473331263024060355040B0C1D4170706C652043657274696669636174696F6E
   20417574686F7269747931133011060355040A0C0A4170706C6520496E632E310B300
   90603550406130255533076301006072A8648CE3D020106052B810400220362000498
   E92F3D4072A4ED93227281131CDD1095F1C5A34E71DC1416D90EE5A6052A77647B5F4
   E38D3BB1C44B57FF51FB632625DC9E9845B4F304F115A00FD58580CA5F50F2C4D0747
   1375DA9797976F315CED2B9D7B203BD8B954D95E99A43A510A31A3423040301D06035
   51D0E04160414BBB0DEA15833889AA48A99DEBEBDEBAFDACB24AB300F0603551D1301
   01FF040530030101FF300E0603551D0F0101FF040403020106300A06082A8648CE3D0
   40303036800306502310083E9C1C4165E1A5D3418D9EDEFF46C0E00464BB8DFB24611
   C50FFDE67A8CA1A66BCEC203D49CF593C674B86ADFAA231502306D668A10CAD40DD44
   FCD8D433EB48A63A5336EE36DDA17B7641FC85326F9886274390B175BCB51A80CE818
   03E7A2B22800003181FC3081F9020101308190307C3130302E06035504030C2741707
   06C65204170706C69636174696F6E20496E746567726174696F6E2043412035202D20
   473131263024060355040B0C1D4170706C652043657274696669636174696F6E20417
   574686F7269747931133011060355040A0C0A4170706C6520496E632E310B30090603
   5504061302555302100939B4BCE90CC3A1816536372F667141300D060960864801650
   30402010500300A06082A8648CE3D0403020446304402200BDC9CC640B812CB489335
   22D595359D5F41CB4FD45FDD8AD5C948161E8A027302201CBE131DC159E4C92E0359A
   764E1263D6DDF8BCB7467D1A8C05E96BEE19FB157000000000000'}, "authData":
   h'
   504E9549A7B7379186C1DEB6F0D0E374471110E0D70B6F4AA2BAD990EA3D352D40000
   00000617070617474657374646576656C6F700020314EDB9FBDF45FAE202F9C711DB0
   8463EAA61D1EFBA22C00F4C0D323A38761A4A5010203262001215820B93E338115202
   45AE150DF87055F9667324A3BCAA1C0C9F07AA2130D41A2EAB82258200AFBA47F3439
   007FB67F073075D234966F8308F2FD0B3CD347FA72114A267467'}

   The attestation certificate, i.e., the first entry in the x5c array,
   contains an extension that carries a nonce value.  The nonce is
   generated by concatenating the authData value with a SHA256 hash of
   the challenge password (i.e., the string "Sample Nonce Value" in this
   case) and then hashing the concatenation.  The value from the
   extension is shown below.

  562  51:     SEQUENCE {
  564   9:       OBJECT IDENTIFIER '1 2 840 113635 100 8 2'
  575  38:       OCTET STRING, encapsulates {
  577  36:         SEQUENCE {
  579  34:           [1] {
  581  32:             OCTET STRING
         :               14 CA 34 E9 45 E6 03 AE CF 85 70 E4 B6 81 47 DF
         :               80 49 3B 77 70 9A AF AD 54 29 FD E7 22 3D 1B 24
         :             }
         :           }
         :         }
         :       }
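   As an added example (this is not code from the draft, nor Apple's
   reference implementation), the following Python parses the authData
   byte string shown above according to the WebAuthn authenticator data
   layout (rpIdHash, flags, signCount, then AAGUID, credentialId and a
   COSE public key when the AT flag is set) and recomputes the nonce as
   the text describes: SHA256(authData || SHA256(challenge)).  The hex
   constants are copied from the page; that the challenge password is
   hashed as its raw UTF-8 bytes is an assumption, and the tiny CBOR
   decoder handles only the encodings that actually appear in this
   COSE_Key map.

```python
"""Parse the apple-appattest authData above and recompute its nonce (added example)."""
import hashlib

# authData byte string from the draft's example (copied from the page, whitespace removed).
AUTH_DATA_HEX = (
    "504E9549A7B7379186C1DEB6F0D0E374471110E0D70B6F4AA2BAD990EA3D352D40000"
    "00000617070617474657374646576656C6F700020314EDB9FBDF45FAE202F9C711DB0"
    "8463EAA61D1EFBA22C00F4C0D323A38761A4A5010203262001215820B93E338115202"
    "45AE150DF87055F9667324A3BCAA1C0C9F07AA2130D41A2EAB82258200AFBA47F3439"
    "007FB67F073075D234966F8308F2FD0B3CD347FA72114A267467"
)
# Nonce from the attestation certificate's 1.2.840.113635.100.8.2 extension (copied from the page).
PAGE_NONCE_HEX = "14CA34E945E603AECF8570E4B68147DF80493B77709AAFAD5429FDE7223D1B24"
# Challenge password named in the text; hashing its raw UTF-8 bytes is an assumption.
CHALLENGE = "Sample Nonce Value"

FLAG_AT = 0x40  # authData flag: attested credential data is present
FLAG_ED = 0x80  # authData flag: extension data follows (not expected here)


def _cbor_item(buf, pos):
    """Decode one CBOR item at buf[pos] and return (value, next_pos).

    Handles unsigned/negative integers, byte strings and maps, with either an
    immediate argument (< 24) or a one-byte argument (info 24): exactly what
    the COSE_Key map for an EC2/P-256 key uses.  Anything else is rejected."""
    initial = buf[pos]
    major, info = initial >> 5, initial & 0x1F
    pos += 1
    if info < 24:
        arg = info
    elif info == 24:
        arg, pos = buf[pos], pos + 1
    else:
        raise ValueError("unsupported CBOR argument encoding")
    if major == 0:
        return arg, pos
    if major == 1:
        return -1 - arg, pos
    if major == 2:
        if pos + arg > len(buf):
            raise ValueError("truncated CBOR byte string")
        return buf[pos:pos + arg], pos + arg
    if major == 5:
        items = {}
        for _ in range(arg):
            key, pos = _cbor_item(buf, pos)
            value, pos = _cbor_item(buf, pos)
            items[key] = value
        return items, pos
    raise ValueError("unsupported CBOR major type %d" % major)


def parse_auth_data(auth_data):
    """Split authData into its WebAuthn 6.1 fields: rpIdHash, flags, signCount and,
    when the AT flag is set, aaguid, credentialId and the COSE credentialPublicKey."""
    if len(auth_data) < 37:
        raise ValueError("authData shorter than the fixed 37-byte header")
    fields = {
        "rpIdHash": auth_data[:32],
        "flags": auth_data[32],
        "signCount": int.from_bytes(auth_data[33:37], "big"),
    }
    pos = 37
    if fields["flags"] & FLAG_AT:
        aaguid = auth_data[pos:pos + 16]                      # ASCII "appattestdevelop" here
        cred_len = int.from_bytes(auth_data[pos + 16:pos + 18], "big")
        cred_id = auth_data[pos + 18:pos + 18 + cred_len]
        if len(aaguid) != 16 or len(cred_id) != cred_len:
            raise ValueError("truncated attested credential data")
        key, pos = _cbor_item(auth_data, pos + 18 + cred_len)
        fields.update(aaguid=aaguid, credentialId=cred_id, credentialPublicKey=key)
    if fields["flags"] & FLAG_ED:
        raise ValueError("extension data not handled in this example")
    if pos != len(auth_data):
        raise ValueError("trailing bytes after authData")
    return fields


def app_attest_nonce(auth_data, challenge):
    """nonce = SHA256(authData || SHA256(challenge)), as described in the text."""
    client_data_hash = hashlib.sha256(challenge.encode("utf-8")).digest()
    return hashlib.sha256(auth_data + client_data_hash).digest()


def check_example():
    """Parse the page's authData and compare the recomputed nonce with the page's value."""
    auth_data = bytes.fromhex(AUTH_DATA_HEX)
    fields = parse_auth_data(auth_data)
    nonce = app_attest_nonce(auth_data, CHALLENGE)
    return fields, nonce, nonce.hex().upper() == PAGE_NONCE_HEX


if __name__ == "__main__":
    fields, nonce, matches = check_example()
    print("aaguid       :", fields["aaguid"])
    print("credentialId :", fields["credentialId"].hex())
    print("COSE x coord :", fields["credentialPublicKey"][-2].hex())
    print("nonce        :", nonce.hex(), "(matches extension: %s)" % matches)
```

   A verifier does not stop at the nonce: the COSE key recovered from
   authData (x coordinate B93E3381...EAB8, COSE labels 1=EC2, 3=ES256,
   -1=P-256) must also match the SubjectPublicKeyInfo of the attestation
   certificate, the first x5c entry above, whose hex contains the same
   uncompressed point, and the chain must validate to the expected
   attestation root.  The nonce binding is what ties the attested key to
   this particular certificate request rather than to a replayed
   attestation.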

   Note that, at present, there is no registration for the
   "apple-appattest" type in the IANA WebAuthn Attestation Statement
   Format Identifiers registry [WebAuthnReg]
   (https://www.iana.org/assignments/webauthn/webauthn.xhtml), which is
   WebAuthn-centric.  New registrations will be required for common
   formats, like the one above.

5.  Security Considerations

   See Section 13 of [WebAuthn] for additional security considerations
   related to attestation statement formats, including certificate
   revocation.

   CAs, RAs and certificate management servers will need a set of trust
   anchors to validate attestation statements that may originate from
   any number of sources.  Where possible, a dedicated trust anchor and
   issuing CA should be used when verifying a given type of attestation
   statement.  Where a trust anchor or issuing CA is shared for
   multiple sources of attestation statements, including constraints in
   attestation signer certificates or attestation certificates is
   recommended.  [COTS] and [fido-metadata] define structures for
   conveying trust anchors that may be used for verifying attestations
   such that constraints are implied or are explicitly stated.
   Expression and validation of constraints imposed on trust anchors,
   CAs or attestation signers is beyond the scope of this specification.

   Key attestation statements may include a variety of information in
   addition to the public key being attested.  While not described in
   this document, CAs, RAs and certificate management servers are free
   to use any policy when evaluating this information.  This evaluation
   can result in rejection of a certificate request that features a
   verifiable key attestation for the public key contained in the
   request.  For example, an attestation statement may indicate use of
   an unacceptable firmware version.

6.  IANA Considerations

6.1.  Key attestation extension object identifier

   An object identifier from the id-pe arc defined in [RFC7299] should
   be assigned for id-pe-keyAttestation.

6.2.  Key attestation extension ASN.1 module object identifier

   An object identifier from the id-mod arc defined in [RFC7299] should
   be assigned for id-mod-keyAttestation.

6.3.  Attestation statement formats

   Section 2.1 of [RFC8809] describes registration of new attestation
   statement format types.

7.  ASN.1 Module

   The following ASN.1 module makes use of the conventions from
   [RFC5912].

  KeyAttestationExtn-2022
    { iso(1) identified-organization(3) dod(6)
      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-keyAttestation(TBD2) }

  DEFINITIONS IMPLICIT TAGS ::=
  BEGIN

  IMPORTS

    id-pe
    FROM PKIX1Explicit-2009 -- from [RFC5912]
      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
        mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) }

    EXTENSION, ATTRIBUTE
    FROM PKIX-CommonTypes-2009 -- from [RFC5912]
      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
        mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
    ;

  -- EXPORT ALL --

  ext-keyAttestation EXTENSION ::= {
    SYNTAX KeyAttestation IDENTIFIED BY id-pe-keyAttestation }

  attr-keyAttestation ATTRIBUTE ::= {
    TYPE KeyAttestation IDENTIFIED BY id-pe-keyAttestation }

  id-pe-keyAttestation OBJECT IDENTIFIER ::=  { id-pe TBD }

  KeyAttestation ::= SEQUENCE {
    hardwareSecured  BOOLEAN DEFAULT FALSE,
    attestationStatement OCTET STRING
  }

  END
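   The module above is the draft's own.  What follows is an added
   Python example, not from the draft, that hand-encodes and decodes the
   KeyAttestation SEQUENCE in DER so the encoding rules a verifier must
   enforce are visible: hardwareSecured carries DEFAULT FALSE, so a DER
   encoder omits it when FALSE, and a strict decoder rejects an explicit
   FALSE, a BOOLEAN TRUE encoded as anything other than FF, and
   non-minimal lengths.  Only the universal tags for SEQUENCE, BOOLEAN
   and OCTET STRING are assumed; the attestationStatement payload is an
   opaque byte string here (in the draft's example it holds the CBOR
   attestation object shown earlier).

```python
"""DER encode/decode of the KeyAttestation SEQUENCE above (added example, not from the draft)."""

TAG_BOOLEAN, TAG_OCTET_STRING, TAG_SEQUENCE = 0x01, 0x04, 0x30  # universal tags


def _der_length(n):
    """Minimal DER length encoding: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _der_length(len(value)) + value


def encode_key_attestation(hardware_secured, attestation_statement):
    """KeyAttestation ::= SEQUENCE { hardwareSecured BOOLEAN DEFAULT FALSE,
                                    attestationStatement OCTET STRING }
    DER forbids encoding a component equal to its DEFAULT, so hardwareSecured is
    emitted only when TRUE, and TRUE is always the single byte FF."""
    body = b""
    if hardware_secured:
        body += _tlv(TAG_BOOLEAN, b"\xFF")
    body += _tlv(TAG_OCTET_STRING, bytes(attestation_statement))
    return _tlv(TAG_SEQUENCE, body)


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the single-byte-tag TLV at buf[pos],
    rejecting indefinite and non-minimal lengths as DER requires."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("indefinite or oversized length")
        if buf[pos] == 0:
            raise ValueError("non-minimal length (leading zero byte)")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
        if length < 0x80:
            raise ValueError("non-minimal length (long form used for a short value)")
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def decode_key_attestation(der):
    """Strict DER decoder; returns (hardware_secured, attestation_statement)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    hardware_secured = False
    tag, value, pos = _read_tlv(body, 0)
    if tag == TAG_BOOLEAN:
        if value == b"\xFF":
            hardware_secured = True
        elif value == b"\x00":
            raise ValueError("hardwareSecured FALSE must be omitted under DER (DEFAULT rule)")
        else:
            raise ValueError("BOOLEAN TRUE must be encoded as FF under DER")
        tag, value, pos = _read_tlv(body, pos)
    if tag != TAG_OCTET_STRING:
        raise ValueError("expected attestationStatement OCTET STRING")
    if pos != len(body):
        raise ValueError("trailing data inside KeyAttestation")
    return hardware_secured, bytes(value)


def is_valid_key_attestation(der):
    """True only when the bytes are a strictly DER-encoded KeyAttestation."""
    try:
        decode_key_attestation(der)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(encode_key_attestation(True, b"\x01\x02").hex())   # 30070101ff04020102
    print(encode_key_attestation(False, b"\x01\x02").hex())  # 300404020102
```

   The strictness matters because the extension is carried inside a
   signed request (a PKCS #10 attribute, CRMF control or CMS
   attribute): a lenient decoder that accepts both the omitted and the
   explicit FALSE, or a BOOLEAN TRUE of 01, lets two different byte
   strings decode to one value, and a CA that re-encodes or hashes the
   extension may then disagree with the requester about what was
   signed.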

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC2986]  Nystrom, M. and B. Kaliski, "PKCS #10: Certification
              Request Syntax Specification Version 1.7", RFC 2986,
              DOI 10.17487/RFC2986, November 2000,
              <https://www.rfc-editor.org/rfc/rfc2986>.

   [RFC4210]  Adams, C., Farrell, S., Kause, T., and T. Mononen,
              "Internet X.509 Public Key Infrastructure Certificate
              Management Protocol (CMP)", RFC 4210,
              DOI 10.17487/RFC4210, September 2005,
              <https://www.rfc-editor.org/rfc/rfc4210>.

   [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
              Certificate Request Message Format (CRMF)", RFC 4211,
              DOI 10.17487/RFC4211, September 2005,
              <https://www.rfc-editor.org/rfc/rfc4211>.

   [RFC5272]  Schaad, J. and M. Myers, "Certificate Management over CMS
              (CMC)", RFC 5272, DOI 10.17487/RFC5272, June 2008,
              <https://www.rfc-editor.org/rfc/rfc5272>.

   [RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
              DOI 10.17487/RFC5912, June 2010,
              <https://www.rfc-editor.org/rfc/rfc5912>.

   [RFC7030]  Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed.,
              "Enrollment over Secure Transport", RFC 7030,
              DOI 10.17487/RFC7030, October 2013,
              <https://www.rfc-editor.org/rfc/rfc7030>.

   [RFC7299]  Housley, R., "Object Identifier Registry for the PKIX
              Working Group", RFC 7299, DOI 10.17487/RFC7299, July 2014,
              <https://www.rfc-editor.org/rfc/rfc7299>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

   [RFC8809]  Hodges, J., Mandyam, G., and M. Jones, "Registries for Web
              Authentication (WebAuthn)", RFC 8809,
              DOI 10.17487/RFC8809, August 2020,
              <https://www.rfc-editor.org/rfc/rfc8809>.

   [RFC8894]  Gutmann, P., "Simple Certificate Enrolment Protocol",
              RFC 8894, DOI 10.17487/RFC8894, September 2020,
              <https://www.rfc-editor.org/rfc/rfc8894>.

   [WebAuthn] Hodges, J., Jones, J., Jones, M. B., Kumar, A., and E.
              Lundberg, "Web Authentication: An API for accessing Public
              Key Credentials Level 2", April 2021,
              <https://www.w3.org/TR/webauthn-2/>.

8.2.  Informative References

   [COTS]     Wallace, C. and R. Housley, "Concise TA Stores (CoTS)",
              June 2022.

   [fido-metadata]
              FIDO Alliance, "FIDO Metadata Statement", May 2021,
              <https://fidoalliance.org/specs/mds/fido-metadata-
              statement-v3.0-ps-20210518.html>.

   [I-D.draft-bweeks-acme-device-attest]
              Weeks, B., "Automated Certificate Management Environment
              (ACME) Device Attestation Extension", Work in Progress,
              Internet-Draft, draft-bweeks-acme-device-attest-00, 17 May
              2022, <https://datatracker.ietf.org/doc/html/draft-bweeks-
              acme-device-attest-00>.

   [OTA]      Apple, "Over-the-Air Profile Delivery and Configuration",
              April 2018, <https://developer.apple.com/library/archive/d
              ocumentation/NetworkingInternet/Conceptual/
              iPhoneOTAConfiguration/Introduction/Introduction.html>.

   [RFC8555]  Barnes, R., Hoffman-Andrews, J., McCarney, D., and J.
              Kasten, "Automatic Certificate Management Environment
              (ACME)", RFC 8555, DOI 10.17487/RFC8555, March 2019,
              <https://www.rfc-editor.org/rfc/rfc8555>.

   [WebAuthnReg]
              IANA, "WebAuthn Attestation Statement Format Identifiers",
              <https://www.iana.org/assignments/webauthn/
              webauthn.xhtml>.

Acknowledgments

   TODO acknowledge.

Authors' Addresses

   Carl Wallace
   Red Hound Software
   Email: carl@redhoundsoftware.com

   Sean Turner
   sn3rd
   Email: sean@sn3rd.com