Hi ACMErs,
I just wanted to mention that key-attestation schemes represent an alternative
to PKCS #10 (PoP).
As an example, the FIDO/Google U2F token builds on this concept. In summary, the
advantages could be:
- HSM-secured attestation keys could vouch for slightly less secured web-server
keys
- Alternative to backup secrets
- CSR independent of requested key usage (like ECDSA versus ECDH or ECDSA
versus RSA_OAEP)
- True attestation (=keys can be proved to reside in secure storage) could be a
requirement for certain certification levels although probably not for
web-servers
The following mockup (here dressed in JCS notation) should give you an idea of
how such a CSR could be architected:
{
  "@context": "https://letsencrypt.org/acme/v1",
  "@qualifier": "AttestedCSR",
  "domain": "example.com",
  "nonce": "yPdYDThBqWRuKoZ24sXLOcqyKFx7abbSp8DF11rv0mo",
  "dateTime": "2015-01-02T12:25:19Z",
  "keyAttestationAlgorithm": "ACME-KA1",
  "attestedKeys": [
    {
      "id": "Key.1",
      "keyAttestation": "niS9_Urs0sscTE2bUkjkE7WgIALnjRdaxCHhQ...s9RdobcnDmWfE_ZUb9rHUva2I_JnZY3q1JnAkXGW_6rhA5kxn32zBoR9SvL",
      "publicKey": {
        "type": "RSA",
        "n": "ld-uUL2csxx3hbGqN_Ix48wbIgcas2i42ujmW3D2ZtT8tmr...B7VnYF56h45CD3FPLAYR9ZFNlAWdgTQi5OUdSJvAwK1w",
        "e": "AQAB"
      }
    }
  ],
  "attestationKey": {
    "certificatePath": [
      "MIIETTCCAjWgAwIBAgIGAUoqo740MA0GCSqGSI...uREScyhb_49Dqaq-OypeSJSChtKT4UuQTcmz2cs9Zi90RyQ7UzWNrQjoLERGLkuetIw"
    ]
  },
  "signatureKeyAttestation": "NrZnvexftkY_NtGcrQf2RDKizybbgWKUm8...gDUXsWfeVoF5aoFbx8OXzlFhKd_BB91OGZADSkuBacptgWETjXHNC5NUQ78W",
  "signature": {
    "algorithm": "ES512",
    "publicKey": {
      "type": "EC",
      "curve": "P-521",
      "x": "AP_f3bqRvBAvtC2dATIxEsXZfc-THnnMTkjOcyILsW3AFGGEp1d9NOESbIuCUw3fwFvR0WltuROBMg9ouycegZQn",
      "y": "ABrvjyrr0v7VcehkYbiyPM-V7Wwy7OrLWaOLn1q2TPmpqdH-PybgkAUSbwHzMNXYQNe4og5PKgRsBJWoKrxcZZLt"
    },
    "value": "MIGHAkIB4jih8QzkJYZ4bKa_cuwtiVTIctq66QFhA5F6TNy...-8oDgaqYUjIpFYW8yP8yuZH9ODNI6n28w5ktUBsmRIk-ixiOjSV02R6A6W"
  }
}
The key attestation properties are created inside of the attesting unit since
the only thing an attester (of this kind NB) can sign is something it has
created itself which in this case is limited to key-pairs. That is, the CSR
body is not signed by the attestation key, but by an ephemeral signature key
which also is attested. The attestation itself is a signature over the public
key. All keys can thus be securely derived to the supplied attestationKey.
Anders
_______________________________________________
Acme mailing list
https://www.ietf.org/mailman/listinfo/acme
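
The verification order implied by the last paragraph of the message, written out as an added example (not part of the original post and not ACME code): the attestation key vouches for both the server key and the ephemeral signature key, and only the ephemeral key signs the CSR body. Assumptions: the type and function names are hypothetical, Ed25519 is swapped in for the mockup's RSA and P-521 keys, an attestation is taken to be a signature over the raw public key bytes (the message does not define ACME-KA1), and the attestation key is assumed to have been validated through certificatePath beforehand.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// AttestedCSR is a hypothetical one-key reduction of the mockup (Ed25519 keys).
type AttestedCSR struct {
	Body                    []byte            // CSR body: domain, nonce, dateTime
	ServerKey               ed25519.PublicKey // attestedKeys[0].publicKey
	KeyAttestation          []byte            // attestation key's signature over ServerKey
	SigKey                  ed25519.PublicKey // ephemeral signature.publicKey
	SignatureKeyAttestation []byte            // attestation key's signature over SigKey
	Signature               []byte            // SigKey's signature over Body
}

// Verify assumes att was already validated through certificatePath, and that
// an attestation signs the raw public key bytes (ACME-KA1 is not specified).
func Verify(c AttestedCSR, att ed25519.PublicKey) error {
	switch {
	case len(c.ServerKey) != ed25519.PublicKeySize || len(c.SigKey) != ed25519.PublicKeySize:
		return fmt.Errorf("malformed public key") // ed25519.Verify panics on bad lengths
	case !ed25519.Verify(att, c.ServerKey, c.KeyAttestation):
		return fmt.Errorf("server key is not attested")
	case !ed25519.Verify(att, c.SigKey, c.SignatureKeyAttestation):
		return fmt.Errorf("signature key is not attested")
	case !ed25519.Verify(c.SigKey, c.Body, c.Signature):
		return fmt.Errorf("CSR body signature is invalid")
	}
	return nil
}

// Build plays the attesting unit and the client with constructed throwaway keys.
func Build(body []byte) (AttestedCSR, ed25519.PublicKey) {
	attPub, att, _ := ed25519.GenerateKey(rand.Reader)
	srvPub, _, _ := ed25519.GenerateKey(rand.Reader)
	ephPub, ephPriv, _ := ed25519.GenerateKey(rand.Reader)
	return AttestedCSR{body, srvPub, ed25519.Sign(att, srvPub), ephPub,
		ed25519.Sign(att, ephPub), ed25519.Sign(ephPriv, body)}, attPub
}

func main() {
	csr, attPub := Build([]byte(`{"domain":"example.com"}`))
	fmt.Println(Verify(csr, attPub))
}
```

A CSR whose body is signed by a key that the attestation key never vouched for fails at the second check, even though its body signature is internally valid.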