| rfc9334v7.txt | rfc9334.txt | |||
|---|---|---|---|---|
| skipping to change at line 1874 ¶ | skipping to change at line 1874 ¶ | |||
| 13. IANA Considerations | 13. IANA Considerations | |||
| This document has no IANA actions. | This document has no IANA actions. | |||
| 14. References | 14. References | |||
| 14.1. Normative References | 14.1. Normative References | |||
| [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | |||
| Housley, R., Polk, W., and RFC Publisher, "Internet X.509 | Housley, R., and W. Polk, "Internet X.509 Public Key | |||
| Public Key Infrastructure Certificate and Certificate | Infrastructure Certificate and Certificate Revocation List | |||
| Revocation List (CRL) Profile", RFC 5280, | (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | |||
| DOI 10.17487/RFC5280, May 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5280>. | <https://www.rfc-editor.org/info/rfc5280>. | |||
| [RFC7519] Jones, M., Bradley, J., Sakimura, N., and RFC Publisher, | [RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token | |||
| "JSON Web Token (JWT)", RFC 7519, DOI 10.17487/RFC7519, | (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015, | |||
| May 2015, <https://www.rfc-editor.org/info/rfc7519>. | <https://www.rfc-editor.org/info/rfc7519>. | |||
| [RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., Tschofenig, H., | [RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig, | |||
| and RFC Publisher, "CBOR Web Token (CWT)", RFC 8392, | "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392, | |||
| DOI 10.17487/RFC8392, May 2018, | May 2018, <https://www.rfc-editor.org/info/rfc8392>. | |||
| <https://www.rfc-editor.org/info/rfc8392>. | ||||
| 14.2. Informative References | 14.2. Informative References | |||
| [CCC-DeepDive] | [CCC-DeepDive] | |||
| Confidential Computing Consortium, "A Technical Analysis | Confidential Computing Consortium, "A Technical Analysis | |||
| of Confidential Computing", Version 1.3, November 2022, | of Confidential Computing", Version 1.3, November 2022, | |||
| <https://confidentialcomputing.io/white-papers-reports>. | <https://confidentialcomputing.io/white-papers-reports>. | |||
| [CTAP] FIDO Alliance, "Client to Authenticator Protocol (CTAP)", | [CTAP] FIDO Alliance, "Client to Authenticator Protocol (CTAP)", | |||
| February 2018, <https://fidoalliance.org/specs/fido-v2.0- | February 2018, <https://fidoalliance.org/specs/fido-v2.0- | |||
| skipping to change at line 1921 ¶ | skipping to change at line 1919 ¶ | |||
| model/>. | model/>. | |||
| [RATS-DAA] Birkholz, H., Newton, C., Chen, L., and D. Thaler, "Direct | [RATS-DAA] Birkholz, H., Newton, C., Chen, L., and D. Thaler, "Direct | |||
| Anonymous Attestation for the Remote Attestation | Anonymous Attestation for the Remote Attestation | |||
| Procedures Architecture", Work in Progress, Internet- | Procedures Architecture", Work in Progress, Internet- | |||
| Draft, draft-ietf-rats-daa-02, 7 September 2022, | Draft, draft-ietf-rats-daa-02, 7 September 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-rats- | <https://datatracker.ietf.org/doc/html/draft-ietf-rats- | |||
| daa-02>. | daa-02>. | |||
| [RATS-PSA-TOKEN] | [RATS-PSA-TOKEN] | |||
| Tschofenig, H., Frost, S., Brossard, M., Shaw, A. L., and | Tschofenig, H., Frost, S., Brossard, M., Shaw, A., and T. | |||
| T. Fossati, "Arm's Platform Security Architecture (PSA) | Fossati, "Arm's Platform Security Architecture (PSA) | |||
| Attestation Token", Work in Progress, Internet-Draft, | Attestation Token", Work in Progress, Internet-Draft, | |||
| draft-tschofenig-rats-psa-token-10, 6 September 2022, | draft-tschofenig-rats-psa-token-10, 6 September 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-tschofenig- | <https://datatracker.ietf.org/doc/html/draft-tschofenig- | |||
| rats-psa-token-10>. | rats-psa-token-10>. | |||
| [RATS-TUDA] | [RATS-TUDA] | |||
| Fuchs, A., Birkholz, H., McDonald, I., and C. Bormann, | Fuchs, A., Birkholz, H., McDonald, I., and C. Bormann, | |||
| "Time-Based Uni-Directional Attestation", Work in | "Time-Based Uni-Directional Attestation", Work in | |||
| Progress, Internet-Draft, draft-birkholz-rats-tuda-07, 10 | Progress, Internet-Draft, draft-birkholz-rats-tuda-07, 10 | |||
| July 2022, <https://datatracker.ietf.org/doc/html/draft- | July 2022, <https://datatracker.ietf.org/doc/html/draft- | |||
| birkholz-rats-tuda-07>. | birkholz-rats-tuda-07>. | |||
| [RATS-UCCS] | [RATS-UCCS] | |||
| Birkholz, H., O'Donoghue, J., Cam-Winget, N., and C. | Birkholz, H., O'Donoghue, J., Cam-Winget, N., and C. | |||
| Bormann, "A CBOR Tag for Unprotected CWT Claims Sets", | Bormann, "A CBOR Tag for Unprotected CWT Claims Sets", | |||
| Work in Progress, Internet-Draft, draft-ietf-rats-uccs-03, | Work in Progress, Internet-Draft, draft-ietf-rats-uccs-04, | |||
| 11 July 2022, <https://datatracker.ietf.org/doc/html/ | 11 January 2023, <https://datatracker.ietf.org/doc/html/ | |||
| draft-ietf-rats-uccs-03>. | draft-ietf-rats-uccs-04>. | |||
| [RFC4086] Eastlake 3rd, D., Schiller, J., Crocker, S., and RFC | [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, | |||
| Publisher, "Randomness Requirements for Security", | "Randomness Requirements for Security", BCP 106, RFC 4086, | |||
| BCP 106, RFC 4086, DOI 10.17487/RFC4086, June 2005, | DOI 10.17487/RFC4086, June 2005, | |||
| <https://www.rfc-editor.org/info/rfc4086>. | <https://www.rfc-editor.org/info/rfc4086>. | |||
| [RFC4949] Shirey, R. and RFC Publisher, "Internet Security Glossary, | [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", | |||
| Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, August | FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, | |||
| 2007, <https://www.rfc-editor.org/info/rfc4949>. | <https://www.rfc-editor.org/info/rfc4949>. | |||
| [RFC5209] Sangster, P., Khosravi, H., Mani, M., Narayan, K., Tardo, | [RFC5209] Sangster, P., Khosravi, H., Mani, M., Narayan, K., and J. | |||
| J., and RFC Publisher, "Network Endpoint Assessment (NEA): | Tardo, "Network Endpoint Assessment (NEA): Overview and | |||
| Overview and Requirements", RFC 5209, | Requirements", RFC 5209, DOI 10.17487/RFC5209, June 2008, | |||
| DOI 10.17487/RFC5209, June 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5209>. | <https://www.rfc-editor.org/info/rfc5209>. | |||
| [RFC6024] Reddy, R., Wallace, C., and RFC Publisher, "Trust Anchor | [RFC6024] Reddy, R. and C. Wallace, "Trust Anchor Management | |||
| Management Requirements", RFC 6024, DOI 10.17487/RFC6024, | Requirements", RFC 6024, DOI 10.17487/RFC6024, October | |||
| October 2010, <https://www.rfc-editor.org/info/rfc6024>. | 2010, <https://www.rfc-editor.org/info/rfc6024>. | |||
| [RFC8322] Field, J., Banghart, S., Waltermire, D., and RFC | [RFC8322] Field, J., Banghart, S., and D. Waltermire, "Resource- | |||
| Publisher, "Resource-Oriented Lightweight Information | Oriented Lightweight Information Exchange (ROLIE)", | |||
| Exchange (ROLIE)", RFC 8322, DOI 10.17487/RFC8322, | RFC 8322, DOI 10.17487/RFC8322, February 2018, | |||
| February 2018, <https://www.rfc-editor.org/info/rfc8322>. | <https://www.rfc-editor.org/info/rfc8322>. | |||
| [strengthoffunction] | [strengthoffunction] | |||
| NIST, "Strength of Function", | NIST, "Strength of Function", | |||
| <https://csrc.nist.gov/glossary/term/ | <https://csrc.nist.gov/glossary/term/ | |||
| strength_of_function>. | strength_of_function>. | |||
| [TCG-DICE] Trusted Computing Group, "DICE Attestation Architecture", | [TCG-DICE] Trusted Computing Group, "DICE Attestation Architecture", | |||
| Version 1.00, Revision 0.23, March 2021, | Version 1.00, Revision 0.23, March 2021, | |||
| <https://trustedcomputinggroup.org/wp-content/uploads/ | <https://trustedcomputinggroup.org/wp-content/uploads/ | |||
| DICE-Attestation-Architecture-r23-final.pdf>. | DICE-Attestation-Architecture-r23-final.pdf>. | |||
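Review bot: only [RATS-UCCS] has its Internet-Draft revision bumped in the right column (draft-ietf-rats-uccs-03, 11 July 2022, becomes draft-ietf-rats-uccs-04, 11 January 2023), while the other draft citations in this region ([RATS-DAA] -02, [RATS-PSA-TOKEN] -10, [RATS-TUDA] -07) keep their 2022 revisions and dates; confirm none of those was also superseded before publication, since a six-month-newer UCCS revision suggests the other drafts were not re-checked at the same time. Removing "RFC Publisher" from the author lists of the RFC citations ([RFC4086], [RFC4949], [RFC5209], [RFC6024], [RFC8322], and [RFC5280], [RFC7519], [RFC8392] above) is correct, as that token is a reference-tooling artifact rather than an author.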
| skipping to change at line 1988 ¶ | skipping to change at line 1985 ¶ | |||
| Attestation", Version 1.0, Revision 0.95, January 2020, | Attestation", Version 1.0, Revision 0.95, January 2020, | |||
| <https://trustedcomputinggroup.org/wp-content/uploads/ | <https://trustedcomputinggroup.org/wp-content/uploads/ | |||
| TCG_DICE_SymIDAttest_v1_r0p95_pub-1.pdf>. | TCG_DICE_SymIDAttest_v1_r0p95_pub-1.pdf>. | |||
| [TCGarch] Trusted Computing Group, "Trusted Platform Module Library, | [TCGarch] Trusted Computing Group, "Trusted Platform Module Library, | |||
| Part 1: Architecture", November 2019, | Part 1: Architecture", November 2019, | |||
| <https://trustedcomputinggroup.org/wp-content/uploads/ | <https://trustedcomputinggroup.org/wp-content/uploads/ | |||
| TCG_TPM2_r1p59_Part1_Architecture_pub.pdf>. | TCG_TPM2_r1p59_Part1_Architecture_pub.pdf>. | |||
| [TEEP-ARCH] | [TEEP-ARCH] | |||
| Pei, M., Tschofenig, H., Thaler, D., and D. M. Wheeler, | Pei, M., Tschofenig, H., Thaler, D., and D. Wheeler, | |||
| "Trusted Execution Environment Provisioning (TEEP) | "Trusted Execution Environment Provisioning (TEEP) | |||
| Architecture", Work in Progress, Internet-Draft, draft- | Architecture", Work in Progress, Internet-Draft, draft- | |||
| ietf-teep-architecture-19, 24 October 2022, | ietf-teep-architecture-19, 24 October 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-teep- | <https://datatracker.ietf.org/doc/html/draft-ietf-teep- | |||
| architecture-19>. | architecture-19>. | |||
| [TLS-CWT] Tschofenig, H. and M. Brossard, "Using CBOR Web Tokens | [TLS-CWT] Tschofenig, H. and M. Brossard, "Using CBOR Web Tokens | |||
| (CWTs) in Transport Layer Security (TLS) and Datagram | (CWTs) in Transport Layer Security (TLS) and Datagram | |||
| Transport Layer Security (DTLS)", Work in Progress, | Transport Layer Security (DTLS)", Work in Progress, | |||
| Internet-Draft, draft-tschofenig-tls-cwt-02, 13 July 2020, | Internet-Draft, draft-tschofenig-tls-cwt-02, 13 July 2020, | |||
| skipping to change at line 2360 ¶ | skipping to change at line 2357 ¶ | |||
| |<---Nonce-----------time(NR_r) | | |<---Nonce-----------time(NR_r) | | |||
| | | | | | | | | |||
| time(EG_a) | | | time(EG_a) | | | |||
| | | | | | | | | |||
| +----Evidence{Nonce}--->| | | +----Evidence{Nonce}--->| | | |||
| | | | | | | | | |||
| | time(ER_r) ---Evidence{Nonce}--->| | | time(ER_r) ---Evidence{Nonce}--->| | |||
| | | | | | | | | |||
| | | time(RG_v) | | | time(RG_v) | |||
| | | | | | | | | |||
| | ime(RA_r) <---Attestation Result--+ | | time(RA_r) <---Attestation Result--+ | |||
| | | {time(RX_v)-time(RG_v)} | | | | {time(RX_v)-time(RG_v)} | | |||
| ~ ~ ~ | ~ ~ ~ | |||
| | | | | | | | | |||
| | time(OP_r) | | | time(OP_r) | | |||
| Figure 14: Nonce-Based Background-Check Model | Figure 14: Nonce-Based Background-Check Model | |||
| The Verifier can check whether the Evidence is fresh and a Claim | The Verifier can check whether the Evidence is fresh and a Claim | |||
| value is recent, which is the same as Example 2. | value is recent, which is the same as Example 2. | |||
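Review bot: the `{time(RX_v)-time(RG_v)}` annotation on the Attestation Result line is unchanged in both columns but refers to time(RX_v), which is not marked on any of the three timelines in this excerpt, whereas every other time(...) label (NR_r, EG_a, ER_r, RG_v, RA_r, OP_r) is placed on a column; if RX_v is the Verifier's receipt time for the Evidence, labelling that point on the Verifier column would make the relative-time term self-explanatory. Note also that the Nonce originates at the Relying Party (time(NR_r)) and reaches the Verifier only inside Evidence{Nonce}, so the sentence "The Verifier can check whether the Evidence is fresh" holds only if the Relying Party conveys the expected nonce to the Verifier alongside the Evidence; stating that explicitly would help. The `ime(RA_r)` to `time(RA_r)` correction on the Relying Party column is right.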
| End of changes. 12 change blocks. | ||||
| 35 lines changed or deleted | 32 lines changed or added | |||
| This html diff was produced by rfcdiff 1.48. | ||||