Liaison statement
LSout to IETF RATS & LAMPS on SEC020 Identity Trust Model
Additional information about IETF liaison relationships is available on the IETF webpage and the Internet Architecture Board liaison webpage.
State | Posted |
---|---|
Submitted Date | 2024-08-02 |
From Group | ETSI-ISG-NFV |
From Contact | NVF Support |
To Groups | lamps, rats |
To Contacts | Ned Smith <ned.smith@intel.com> Nancy Cam-Winget <ncamwing@cisco.com> Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> Russ Housley <housley@vigilsec.com> Tim Hollebeek <tim.hollebeek@digicert.com> |
Cc | Remote ATtestation ProcedureS Discussion List <rats@ietf.org> Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> Nancy Cam-Winget <ncamwing@cisco.com> Russ Housley <housley@vigilsec.com> Limited Additional Mechanisms for PKIX and SMIME Discussion List <spasm@ietf.org> Paul Wouters <paul.wouters@aiven.io> Deb Cooley <debcooley1@gmail.com> Ned Smith <ned.smith@intel.com> Tim Hollebeek <tim.hollebeek@digicert.com> |
Purpose | For action |
Deadline | 2024-10-07 Action Needed |
Attachments | NFV(24)000181_LSout_to_IETF_RATS___LAMPS_on_SEC020_Identity_Trust_Model |
Body |
1. Overall description:

ETSI ISG NFV-SEC are currently developing the NFV-SEC 020 specification on identity management. One of the aims is to expose an identity that shall be recognized as trustable by other relying parties in a heterogeneous, distributed and multi-vendor environment. The aim of the work programme is to define a trust model for the identity framework rooted to an attestation framework.

The current proposal defines a Primary Verifiable Identity Document based on X.509, utilizing the Subject Directory Attributes extension (defined in RFC 5280 clause 4.2.1.8) to hold the attestation result (measres) and other claims (iat, location, dloas) based on the Entity Attestation Token (EAT) defined by the IETF RATS (draft-ietf-rats-eat-27). These attributes in the X.509 certificate enable the relying party to verify that an attestation process bound to this identity has been done successfully and, according to its security policies, verify the acceptance of the certificate to start a communication with this entity.

IETF is currently defining draft-ietf-lamps-csr-attestation, where the evidence is included in the CSR, allowing the CA to be a relying party that will interact with an attestation verifier for the verification of this attestation evidence before issuing a certificate. The inclusion of the attestation result in the generated X.509 certificate could be an additional feature enhancement to this draft.

All drafts of NFV-SEC 020 can be found at the link below:
https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC020_Id_Mgmt_%26_Security_spec

2. Actions:

ETSI ISG NFV-SEC would like feedback from IETF on the proposal and how any current IETF RFCs or drafts could apply. ETSI ISG NFV kindly asks your organization to:

1) provide technical feedback on the above-mentioned proposal.
2) inform ETSI ISG NFV about on-going and/or planned related activities and, if possible/applicable, please provide feedback/information about the realization of identity trust models.

3. Date of next meetings of the originator:

7-11 October 2024, NFV#47 plenary, Paris, France

In addition, NFV-SEC WG has bi-weekly decision-making conference calls every Thursday. |