Email:
giridhar.mandyam@gmail.com
diff --git a/draft-ietf-rats-eat.txt b/draft-ietf-rats-eat.txt
index 6e80c53f..934574b3 100644
--- a/draft-ietf-rats-eat.txt
+++ b/draft-ietf-rats-eat.txt
@@ -5,12 +5,12 @@
RATS L. Lundblade
Internet-Draft Security Theory LLC
Intended status: Standards Track G. Mandyam
-Expires: 17 July 2024
+Expires: 3 October 2024 Mediatek USA
J. O'Donoghue
Qualcomm Technologies Inc.
C. Wallace
Red Hound Software, Inc.
- 14 January 2024
+ 1 April 2024
The Entity Attestation Token (EAT)
@@ -42,7 +42,7 @@ Status of This Memo
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
- This Internet-Draft will expire on 17 July 2024.
+ This Internet-Draft will expire on 3 October 2024.
Copyright Notice
@@ -1777,7 +1777,7 @@ Table of Contents
* MUST be wrapped in a byte string when the encoding is CBOR and be
base64url-encoded when the encoding is JSON
- For CBOR-encoded detached EAT bundles, tag TBD602 can be used to
+ For CBOR-encoded detached EAT bundles, tag 602 can be used to
identify it. The standard rules apply for use or non-use of a tag.
When it is sent as a submodule, it is always sent as a tag to
distinguish it from the other types of nested tokens.
@@ -1790,7 +1790,7 @@ Table of Contents
BUNDLE-Messages = BUNDLE-Tagged-Message / BUNDLE-Untagged-Message
- BUNDLE-Tagged-Message = #6.TBD602(BUNDLE-Untagged-Message)
+ BUNDLE-Tagged-Message = #6.602(BUNDLE-Untagged-Message)
BUNDLE-Untagged-Message = Detached-EAT-Bundle
Detached-EAT-Bundle = [
@@ -2471,7 +2471,7 @@ Table of Contents
BUNDLE-Messages = BUNDLE-Tagged-Message / BUNDLE-Untagged-Message
- BUNDLE-Tagged-Message = #6.TBD602(BUNDLE-Untagged-Message)
+ BUNDLE-Tagged-Message = #6.602(BUNDLE-Untagged-Message)
BUNDLE-Untagged-Message = Detached-EAT-Bundle
Detached-EAT-Bundle = [
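Review bot: BUNDLE-Tagged-Message = #6.602(BUNDLE-Untagged-Message) now carries the literal tag in two separate places in the text output, here at line 2471 and in the earlier hunk at line 1790, and the same number is repeated in the prose and in the tag registration table. A decoder dispatches on this value, so check the generated text for any remaining TBD602 and confirm that all four occurrences come from a single source, so that a later renumbering cannot leave them out of step.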
@@ -2488,28 +2488,27 @@ Table of Contents
- nonce-label = JC< "eat_nonce", 10 >
- ueid-label = JC< "ueid", 256 >
- sueids-label = JC< "sueids", 257 >
- oemid-label = JC< "oemid", 258 >
- hardware-model-label = JC< "hwmodel", 259 >
- hardware-version-label = JC< "hwversion", 260 >
- oem-boot-label = JC< "oemboot", 262 >
- debug-status-label = JC< "dbgstat", 263 >
- location-label = JC< "location", 264 >
- profile-label = JC< "eat_profile",265 >
- submods-label = JC< "submods", 266 >
-
- uptime-label = JC< "uptime", TBD >
- boot-seed-label = JC< "bootseed", TBD >
- intended-use-label = JC< "intuse", TBD >
- dloas-label = JC< "dloas", TBD >
- sw-name-label = JC< "swname", TBD >
- sw-version-label = JC< "swversion", TBD >
- manifests-label = JC< "manifests", TBD >
- measurements-label = JC< "measurements", TBD >
- measurement-results-label = JC< "measres" , TBD >
- boot-count-label = JC< "bootcount", TBD >
+ nonce-label = JC< "eat_nonce", 10 >
+ ueid-label = JC< "ueid", 256 >
+ sueids-label = JC< "sueids", 257 >
+ oemid-label = JC< "oemid", 258 >
+ hardware-model-label = JC< "hwmodel", 259 >
+ hardware-version-label = JC< "hwversion", 260 >
+ uptime-label = JC< "uptime", 261 >
+ oem-boot-label = JC< "oemboot", 262 >
+ debug-status-label = JC< "dbgstat", 263 >
+ location-label = JC< "location", 264 >
+ profile-label = JC< "eat_profile", 265 >
+ submods-label = JC< "submods", 266 >
+ boot-count-label = JC< "bootcount", 267 >
+ boot-seed-label = JC< "bootseed", 268 >
+ dloas-label = JC< "dloas", 269 >
+ sw-name-label = JC< "swname", 270 >
+ sw-version-label = JC< "swversion", 271 >
+ manifests-label = JC< "manifests", 272 >
+ measurements-label = JC< "measurements", 273 >
+ measurement-results-label = JC< "measres" , 274 >
+ intended-use-label = JC< "intuse", 275 >
7.3.2. CBOR-Specific CDDL
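Review bot: In the added block, measurement-results-label = JC< "measres" , 274 > keeps the stray space before the comma from the old line, while the same change fixes the spacing on profile-label ("eat_profile", 265); tidy it in the same pass. The formerly TBD labels are now merged into the assigned list in numeric order (uptime 261, then bootcount 267 through intuse 275), so the remaining cross-check is that each number equals the Claim Key in the matching registration entry. The registration hunks later in this patch agree for all ten.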
@@ -2893,7 +2892,7 @@ Table of Contents
* JWT Claim Name: "hwversion"
- * Claim Key: TBD 260
+ * Claim Key: 260
* Claim Value Type(s): array
@@ -2984,7 +2983,7 @@ Table of Contents
* JWT Claim Name: "uptime"
- * Claim Key: TBD
+ * Claim Key: 261
* Claim Value Type(s): uint
@@ -3000,7 +2999,7 @@ Table of Contents
* JWT Claim Name: "bootcount"
- * Claim Key: TBD
+ * Claim Key: 267
* Claim Value Type(s): uint
@@ -3015,7 +3014,7 @@ Table of Contents
* JWT Claim Name: "bootseed"
- * Claim Key: TBD
+ * Claim Key: 268
* Claim Value Type(s): bstr
@@ -3031,7 +3030,7 @@ Table of Contents
* JWT Claim Name: "dloas"
- * Claim Key: TBD
+ * Claim Key: 269
* Claim Value Type(s): array
@@ -3046,7 +3045,7 @@ Table of Contents
* JWT Claim Name: "swname"
- * Claim Key: TBD
+ * Claim Key: 270
* Claim Value Type(s): tstr
@@ -3061,7 +3060,7 @@ Table of Contents
* JWT Claim Name: "swversion"
- * Claim Key: TBD
+ * Claim Key: 271
* Claim Value Type(s): array
@@ -3077,7 +3076,7 @@ Table of Contents
* JWT Claim Name: "manifests"
- * Claim Key: TBD
+ * Claim Key: 272
* Claim Value Type(s): array
@@ -3093,7 +3092,7 @@ Table of Contents
* JWT Claim Name: "measurements"
- * Claim Key: TBD
+ * Claim Key: 273
* Claim Value Type(s): array
@@ -3109,7 +3108,7 @@ Table of Contents
* JWT Claim Name: "measres"
- * Claim Key: TBD
+ * Claim Key: 274
* Claim Value Type(s): array
@@ -3124,7 +3123,7 @@ Table of Contents
* JWT Claim Name: "intuse"
- * Claim Key: TBD
+ * Claim Key: 275
* Claim Value Type(s): uint
@@ -3160,13 +3159,13 @@ Table of Contents
following tag from the Specification Required space, with the present
document as the specification reference.
- +========+============+===============================+
- | Tag | Data Items | Semantics |
- +========+============+===============================+
- | TBD602 | array | Detached EAT Bundle Section 5 |
- +--------+------------+-------------------------------+
+ +=====+============+===============================+
+ | Tag | Data Items | Semantics |
+ +=====+============+===============================+
+ | 602 | array | Detached EAT Bundle Section 5 |
+ +-----+------------+-------------------------------+
- Table 4: Detached EAT Bundle Tag Registration
+ Table 4: Detached EAT Bundle Tag Registration
11. References
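Review bot: In the added table row, the Semantics cell reads "Detached EAT Bundle Section 5", which runs the registered name into the section reference. Consider "Detached EAT Bundle (Section 5)" or a separate reference column, so the registry entry is unambiguous when it is copied out of the draft. The narrower Tag column and the re-centred caption are cosmetic and look fine.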
@@ -3303,9 +3302,9 @@ Table of Contents
Mattsson, J. P., Selander, G., Raza, S., Höglund, J., and
M. Furuhed, "CBOR Encoded X.509 Certificates (C509
Certificates)", Work in Progress, Internet-Draft, draft-
- ietf-cose-cbor-encoded-cert-07, 20 October 2023,
+ ietf-cose-cbor-encoded-cert-09, 4 March 2024,
.
+ cbor-encoded-cert-09>.
[COSE.X509.Draft]
Schaad, J., "CBOR Object Signing and Encryption (COSE):
@@ -3373,15 +3372,15 @@ Table of Contents
O. Rønningstad, "A Concise Binary Object Representation
(CBOR)-based Serialization Format for the Software Updates
for Internet of Things (SUIT) Manifest", Work in Progress,
- Internet-Draft, draft-ietf-suit-manifest-24, 23 October
- 2023, .
+ Internet-Draft, draft-ietf-suit-manifest-25, 5 February
+ 2024, .
[UCCS] Birkholz, H., O'Donoghue, J., Cam-Winget, N., and C.
Bormann, "A CBOR Tag for Unprotected CWT Claims Sets",
- Work in Progress, Internet-Draft, draft-ietf-rats-uccs-07,
- 27 November 2023, .
+ Work in Progress, Internet-Draft, draft-ietf-rats-uccs-09,
+ 4 March 2024, .
[W3C.GeoLoc]
Popescu, A., Ed., "Geolocation API Specification", W3C
@@ -4529,6 +4528,7 @@ Authors' Addresses
Giridhar Mandyam
+ Mediatek USA
Email: giridhar.mandyam@gmail.com
diff --git a/draft-ietf-rats-eat.xml b/draft-ietf-rats-eat.xml
index 3083e304..36bf2579 100644
--- a/draft-ietf-rats-eat.xml
+++ b/draft-ietf-rats-eat.xml
@@ -22,7 +22,7 @@
-
+ Mediatek USA
giridhar.mandyam@gmail.com
@@ -46,12 +46,12 @@
carl@redhoundsoftware.com
-
+
Security
RATS
signing attestation cbor
-
+
An Entity Attestation Token (EAT) provides an attested claims set
that describes state and characteristics of an entity,
@@ -62,7 +62,7 @@ claims.
-
+
Introduction
@@ -1264,7 +1264,7 @@ It can occur in any place that a CWT or JWT occurs, for example as a submodule n
MUST be wrapped in a byte string when the encoding is CBOR and be base64url-encoded when the encoding is JSON
- For CBOR-encoded detached EAT bundles, tag TBD602 can be used to identify it.
+ For CBOR-encoded detached EAT bundles, tag 602 can be used to identify it.
The standard rules apply for use or non-use of a tag.
When it is sent as a submodule, it is always sent as a tag to distinguish it from the other types of nested tokens.
The digests of the detached claims sets are associated with detached Claims-Sets by label/name.
@@ -1273,7 +1273,7 @@ Since the names are used only in the detached EAT bundle, they can be very short
-ueid-label = JC< "ueid", 256 >
-sueids-label = JC< "sueids", 257 >
-oemid-label = JC< "oemid", 258 >
-hardware-model-label = JC< "hwmodel", 259 >
-hardware-version-label = JC< "hwversion", 260 >
-oem-boot-label = JC< "oemboot", 262 >
-debug-status-label = JC< "dbgstat", 263 >
-location-label = JC< "location", 264 >
-profile-label = JC< "eat_profile",265 >
-submods-label = JC< "submods", 266 >
-
-uptime-label = JC< "uptime", TBD >
-boot-seed-label = JC< "bootseed", TBD >
-intended-use-label = JC< "intuse", TBD >
-dloas-label = JC< "dloas", TBD >
-sw-name-label = JC< "swname", TBD >
-sw-version-label = JC< "swversion", TBD >
-manifests-label = JC< "manifests", TBD >
-measurements-label = JC< "measurements", TBD >
-measurement-results-label = JC< "measres" , TBD >
-boot-count-label = JC< "bootcount", TBD >
+nonce-label = JC< "eat_nonce", 10 >
+ueid-label = JC< "ueid", 256 >
+sueids-label = JC< "sueids", 257 >
+oemid-label = JC< "oemid", 258 >
+hardware-model-label = JC< "hwmodel", 259 >
+hardware-version-label = JC< "hwversion", 260 >
+uptime-label = JC< "uptime", 261 >
+oem-boot-label = JC< "oemboot", 262 >
+debug-status-label = JC< "dbgstat", 263 >
+location-label = JC< "location", 264 >
+profile-label = JC< "eat_profile", 265 >
+submods-label = JC< "submods", 266 >
+boot-count-label = JC< "bootcount", 267 >
+boot-seed-label = JC< "bootseed", 268 >
+dloas-label = JC< "dloas", 269 >
+sw-name-label = JC< "swname", 270 >
+sw-version-label = JC< "swversion", 271 >
+manifests-label = JC< "manifests", 272 >
+measurements-label = JC< "measurements", 273 >
+measurement-results-label = JC< "measres" , 274 >
+intended-use-label = JC< "intuse", 275 >
]]>
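Review bot: The added block opens with nonce-label = JC< "eat_nonce", 10 >, but the removed lines shown in this hunk start at ueid-label, so no matching removal of nonce-label is visible here. Please confirm the resulting CDDL in the XML defines nonce-label exactly once; in the .txt hunk the line is both removed and re-added. The spacing nit on "measres" , 274 applies to this copy as well.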
@@ -2243,7 +2242,7 @@ Claim 262 should be renamed from "secboot" to "oemboot" in the JWT registry and
JWT Claim Name: "hwversion"
- Claim Key: TBD 260
+ Claim Key: 260
Claim Value Type(s): array
@@ -2387,7 +2386,7 @@ Claim 262 should be renamed from "secboot" to "oemboot" in the JWT registry and
JWT Claim Name: "uptime"
- Claim Key: TBD
+ Claim Key: 261
Claim Value Type(s): uint
@@ -2411,7 +2410,7 @@ Claim 262 should be renamed from "secboot" to "oemboot" in the JWT registry and
JWT Claim Name: "bootcount"
- Claim Key: TBD
+ Claim Key: 267
Claim Value Type(s): uint
@@ -2435,7 +2434,7 @@ Claim 262 should be renamed from "secboot" to "oemboot" in the JWT registry and
JWT Claim Name: "bootseed"
- Claim Key: TBD
+ Claim Key: 268
Claim Value Type(s): bstr
@@ -2459,7 +2458,7 @@ Claim 262 should be renamed from "secboot" to "oemboot" in the JWT registry and
JWT Claim Name: "dloas"
- Claim Key: TBD
+ Claim Key: 269
Claim Value Type(s): array
@@ -2483,7 +2482,7 @@ Claim 262 should be renamed from "secboot" to "oemboot" in the JWT registry and
JWT Claim Name: "swname"
- Claim Key: TBD
+ Claim Key: 270
Claim Value Type(s): tstr
@@ -2507,7 +2506,7 @@ Claim 262 should be renamed from "secboot" to "oemboot" in the JWT registry and
JWT Claim Name: "swversion"
- Claim Key: TBD
+ Claim Key: 271
Claim Value Type(s): array
@@ -2531,7 +2530,7 @@ Claim 262 should be renamed from "secboot" to "oemboot" in the JWT registry and
JWT Claim Name: "manifests"
- Claim Key: TBD
+ Claim Key: 272
Claim Value Type(s): array
@@ -2555,7 +2554,7 @@ Claim 262 should be renamed from "secboot" to "oemboot" in the JWT registry and
JWT Claim Name: "measurements"
- Claim Key: TBD
+ Claim Key: 273
Claim Value Type(s): array
@@ -2579,7 +2578,7 @@ Claim 262 should be renamed from "secboot" to "oemboot" in the JWT registry and
JWT Claim Name: "measres"
- Claim Key: TBD
+ Claim Key: 274
Claim Value Type(s): array
@@ -2603,7 +2602,7 @@ Claim 262 should be renamed from "secboot" to "oemboot" in the JWT registry and
JWT Claim Name: "intuse"
- Claim Key: TBD
+ Claim Key: 275
Claim Value Type(s): uint
@@ -2663,7 +2662,7 @@ specification reference.
- TBD602 |
+ 602 |
array |
Detached EAT Bundle |
@@ -3146,7 +3145,7 @@ specification reference.
Nexus Group
-
+
This document specifies a CBOR encoding of X.509 certificates. The
resulting certificates are called C509 Certificates. The CBOR
@@ -3155,16 +3154,17 @@ specification reference.
eUICC, and CA/Browser Forum Baseline Requirements profiles. When
used to re-encode DER encoded X.509 certificates, the CBOR encoding
can in many cases reduce the size of RFC 7925 profiled certificates
- with over 50%. The CBOR encoded structure can alternatively be
+ with over 50% while also significantly reducing memory and code size
+ compared to ASN.1. The CBOR encoded structure can alternatively be
signed directly ("natively signed"), which does not require re-
encoding for the signature to be verified. The document also
- specifies C509 COSE headers, a C509 TLS certificate type, and a C509
- file format.
+ specifies C509 Certificate Signing Requests, C509 COSE headers, a
+ C509 TLS certificate type, and a C509 file format.
-
+
@@ -3181,7 +3181,7 @@ specification reference.
Universität Bremen TZI
-
+
When transported over secure channels, CBOR Web Token (CWT, RFC 8392)
Claims Sets may not need the protection afforded by wrapping them
@@ -3192,7 +3192,7 @@ specification reference.
-
+
@@ -3211,7 +3211,7 @@ specification reference.
Nordic Semiconductor
-
+
This specification describes the format of a manifest. A manifest is
a bundle of metadata about code/data obtained by a recipient (chiefly
@@ -3224,7 +3224,7 @@ specification reference.
-
+
@@ -4316,1116 +4316,1117 @@ document:
diff --git a/index.html b/index.html
index f8f7c32b..b2f0f339 100644
--- a/index.html
+++ b/index.html
@@ -141,7 +141,7 @@
EAT |
plain text |
- same as master |
+ diff with master |
Preview for branch bundle