The IESG has approved the following document:
- 'The Entity Attestation Token (EAT)'
  (draft-ietf-rats-eat-29.txt) as Proposed Standard

This document is the product of the Remote ATtestation ProcedureS Working
Group.

The IESG contact persons are Paul Wouters, Deb Cooley and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-rats-eat/




Technical Summary

   An Entity Attestation Token (EAT) provides an attested claims set
   that describes state and characteristics of an entity, a device like
   a smartphone, IoT device, network equipment or such.  This claims set
   is used by a relying party, server or service to determine how much
   it wishes to trust the entity.

   An EAT is either a CBOR Web Token (CWT) or JSON Web Token (JWT) with
   attestation-oriented claims.

Working Group Summary

In addition to the history noted in the shepherd report, the WG held
significant discussions on which claims should be sought for early allocation.

-24 of this document was already approved by the IESG in January 2024.  It sat
in the RFC Editor queue with a MISREF state waiting for draft-ietf-suit-manifest
to progress.  As it became clear that the dependencies that
draft-ietf-suit-manifest was waiting on were not going to be ready in the near
future, the small dependency this document had on the SUIT work was removed.
To ensure this revision was properly coordinated and had consensus, this
document was removed from the RFC Editor queue and underwent another WG and
IETF LC.  Now this document is returning for a second IESG review.

Document Quality

   EAT Libraries:
        - CBOR Formats - open source project
                o Rust:  https://github.com/carl-wallace/cbor_formats
        - EAT library - open source project
                o C: https://github.com/laurencelundblade/ctoken
        - A command line utility based on EAT library - open source project
                o C: https://github.com/laurencelundblade/xclaim
   EAT Profiles:
        - PSA
                o Golang: https://github.com/veraison/psatoken
                o C: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/partitions/initial_attestation
                o Python: https://git.trustedfirmware.org/TF-M/tf-m-tools.git/tree/iat-verifier
        - CCA
                o Golang: https://github.com/veraison/ccatoken
                o C: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tree/lib/attestation
        - FIDO FDO - open source project
                o Java: https://github.com/secure-device-onboard/pri-fidoiot/blob/master/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/EatPayloadBase.java.
        - Global Platform - very early code of an EAT profile, may evolve into
        open source
                o https://github.com/GlobalPlatform/TPS-API-Reference-Implementations.
        - Microsoft Azure Attestation - proprietary
                o https://github.com/CCC-Attestation/meetings/blob/main/materials/GregKostal_EAT_in_MAA.pdf

Personnel

   The Document Shepherd for this document is Ned Smith. The Responsible
   Area Director is Roman Danyliw.
