Liaison statement
LSout to IETF RATS & LAMPS on SEC020 Identity Trust Model

State: Posted
Submitted Date: 2024-08-02
From Group: ETSI-ISG-NFV
From Contact: NVF Support
To Groups: lamps, rats
To Contacts:
  Ned Smith <ned.smith@intel.com>
  Nancy Cam-Winget <ncamwing@cisco.com>
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
  Russ Housley <housley@vigilsec.com>
  Tim Hollebeek <tim.hollebeek@digicert.com>
Cc:
  Remote ATtestation ProcedureS Discussion List <rats@ietf.org>
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
  Nancy Cam-Winget <ncamwing@cisco.com>
  Russ Housley <housley@vigilsec.com>
  Limited Additional Mechanisms for PKIX and SMIME Discussion List <spasm@ietf.org>
  Paul Wouters <paul.wouters@aiven.io>
  Deb Cooley <debcooley1@gmail.com>
  Ned Smith <ned.smith@intel.com>
  Tim Hollebeek <tim.hollebeek@digicert.com>
Purpose: For action
Deadline: 2024-10-07 (Action Needed)
Attachments: NFV(24)000181_LSout_to_IETF_RATS___LAMPS_on_SEC020_Identity_Trust_Model
Body
1. Overall description:
ETSI ISG NFV-SEC are currently developing the NFV-SEC 020 specification on
identity management. One of the aims is to expose an identity that shall be
recognized as trustable by other relying parties in a heterogeneous,
distributed and multi-vendor environment. The aim of the work programme is to
define a trust model for the identity framework rooted to an attestation
framework.

The current proposal defines a Primary Verifiable Identity Document based on
X.509, utilizing the Subject Directory Attributes extension (defined in RFC
5280 clause 4.2.1.8) to hold the attestation result (measres) and other claims
(iat, location, dloas) based on the Entity Attestation Token (EAT) defined by
the IETF RATS (draft-ietf-rats-eat-27). These attributes in the X.509
certificate enable the relying party to verify that an attestation process
bound to this identity has been done successfully and, according to its
security policies, verify the acceptance of the certificate to start a
communication with this entity.

IETF is currently defining draft-ietf-lamps-csr-attestation, where the evidence
is included in the CSR allowing the CA to be a relying party that will interact
with an attestation verifier for the verification of this attestation evidence
before issuing a certificate. The inclusion of the attestation result in the
generated X.509 certificate could be an additional feature enhancement to this
draft.

All drafts of NFV-SEC 020 can be found at the link below:
https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC020_Id_Mgmt_%26_Security_spec

2. Actions:
ETSI ISG NFV-SEC would like feedback from IETF on the proposal and how any
current IETF RFCs or drafts could apply.

ETSI ISG NFV kindly asks your organization to:
1) provide technical feedback on the above-mentioned proposal.
2) inform ETSI ISG NFV about on-going and/or planned related activities and if
possible/applicable please provide feedback/information about the realization
of identity trust models.

3. Date of next meetings of the originator:

7-11 October 2024       NFV#47 plenary                          Paris, France

In addition, NFV-SEC WG has bi-weekly decision-making conference calls every
Thursday.