Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Remote ATtestation ProcedureS (rats)

WG	Name	Remote ATtestation ProcedureS
	Acronym	rats
	Area	Security Area (sec)
	State	Active
	Charter	charter-ietf-rats-02 Approved
	Document dependencies	Document dependencies Loading... Pan and zoom the dependency graph after the layout settles. Show legend Loading...
	Additional resources	Issue tracker, Wiki, Zulip Stream
Personnel	Chairs	Kathleen Moriarty, Nancy Cam-Winget, Ned Smith
	Area Director	Deb Cooley
Mailing list	Address	rats@ietf.org
	To subscribe	https://www.ietf.org/mailman/listinfo/rats
	Archive	https://mailarchive.ietf.org/arch/browse/rats/
Chat	Room address	https://zulip.ietf.org/#narrow/stream/rats

Charter for Working Group

Introduction

In network protocol exchanges, it is often the case that one entity (a Relying Party) requires evidence about the remote peer (and system components [RFC4949] thereof), in order to assess the trustworthiness of the peer. Remote attestation procedures (RATS) determine whether relying parties can establish a level of confidence in the trustworthiness of remote peers, called Attesters. The objective is achieved by a two-stage appraisal procedure facilitated by a trusted third party, called Verifier, with trusted links to the supply chain.

The procedures for the two stages are:

Evidence Appraisal: a Verifier applies policy and supply chain input, such as Endorsements and References Values, to create Attestation Results from Evidence.
Attestation Results Appraisal: a Relying Party applies policy to Attestation Results associated with an Attester's Evidence that originates from a trusted Verifier. The results are trust decisions regarding the Attester.

To improve the confidence in a system component's trustworthiness, a relying party may require evidence about:

system component identity,
composition of system components, including nested components,
roots of trust,
an assertion/claim origination or provenance,
manufacturing origin,
system component integrity,
system component configuration,
operational state and measurements of steps which led to the operational state, or
other factors that could influence trust decisions.

While domain-specific attestation mechanisms such as Trusted Computing Group (TCG) Trusted Platform Module (TPM)/TPM Software Stack (TSS), Fast Identity Online (FIDO) Alliance attestation, and Android Keystore attestation exist, there is no interoperable way to create and process attestation evidence to make determinations about system components among relying parties of different manufactures and origins.

Goals

The WG has defined an architecture (draft-ietf-rats-architecture) for remote attestation. The WG will standardize formats for describing evidence and attestation results and the associated procedures and protocols to convey evidence for appraisal to a verifier and attestation results to a relying party. Additionally, the WG will standardize formats for endorsements and reference values, and may apply and/or profile existing protocols (e.g., DTLS, CoAP, or MUD) to convey them to the verifier. Formats and protocols for appraisal policy for evidence and appraisal policy for attestation results are out of scope.

The WG will continue to cooperate and coordinate with other IETF WGs such as TEEP, SUIT, CoRE, ACE, and CBOR; and work with organizations in the community, such as the TCG, Global Platform, and the FIDO Alliance, as appropriate.

Program of Work

The working group will develop standards supporting interoperable remote attestation procedures for system components. The main deliverables are as follows:

Specify use cases for remote attestation (to document and achieve WG consensus but not expected to be published as an RFC).
Specify augmentations to the RATS architecture (draft-ietf-rats-architecture) in support of specific attestation techniques.
Standardize an information model for evidence and attestations results scoped by the specified use-cases.
Standardize data models that implement and secure the defined information model (e.g., CBOR Web Token structures [RFC8392], JSON Web Token structures [RFC7519]).
If feasible, use or extend existing protocols to securely convey evidence and attestation results, or if not, then standardize interoperable protocols for this purpose.
Standardize interoperable data formats to securely declare and convey endorsements and reference values.

Milestones

Date	Milestone	Associated documents
Jul 2024	Submit EAT Media types for publication	draft-ietf-rats-eat-media-type
Mar 2024	Submit Concise Reference Integrity and Endorsement Manifests for publication	draft-ietf-rats-corim
Dec 2023	Submit Entity Attestation Token for publication	draft-ietf-rats-eat
Dec 2023	Submit Reference Interaction Models to WGLC	draft-ietf-rats-reference-interaction-models
Dec 2023	Submit CBOR Tag for Unprotected CWT Claim sets for publication	draft-ietf-rats-uccs
Dec 2023	Submit Network Device Subscription to WGLC	draft-ietf-rats-network-device-subscription
Dec 2023	Submit Direct Anonymous Attestation for RATs for publication	draft-ietf-rats-daa
Dec 2023	Submit Attestation Results for Secure Interactions for publication	draft-fv-rats-ear
Dec 2023	Submit Direct Anonymous Attestation for RATs to WGLC	draft-ietf-rats-daa
Dec 2023	Submit Concise Reference Integrity and Endorsement Manifests to WGLC	draft-ietf-rats-corim
Nov 2023	Submit Network Device Subscription for publication	draft-ietf-rats-network-device-subscription
Nov 2023	Submit Reference Interaction Models	draft-ietf-rats-reference-interaction-models
Nov 2023	Submit Attestation Results for Secure Interactions for WGLC	draft-ietf-rats-ar4si
Jul 2023	Submit CBOR Tag for Unprotected CWT Claim sets to WGLC	draft-ietf-rats-uccs

Done milestones

Date	Milestone	Associated documents
Done	Submit EAT Media types to WGLC	draft-ietf-rats-eat-media-type
Done	Call for adoption on Concise Reference Integrity and Endorsement Manifests	draft-ietf-rats-corim