Hi Carl, On Thu, Jul 25, 2024 at 3:19 PM Carl Wallace <c...@redhoundsoftware.com> wrote: > > Why is the extensibility mechanism in webauthn not sufficient? There's even a > registry already set up for those already: > https://www.rfc-editor.org/rfc/rfc8809#sctn-attstn-format-registry.
In the scope of Brandon's draft I think it is sufficient. I was suggesting CMW outside the scope of acme-device-attest. Note acme-device-attest assumes that the issued credentials have device granularity. permanent-identifier and hardware-module may not be sufficient if your device allows multiple, independently attesting TEEs - which is typical with confidential computing workloads. So, while covering lots of ground, it is not likely to be the final word on the matter of integrating attestation and X509 cert issuance. cheers, t _______________________________________________ Acme mailing list -- acme@ietf.org To unsubscribe send an email to acme-le...@ietf.org
