Hi Brandon, I’ve just read your draft and I find it very interesting.
One clarifying question: is the mechanism you describe limited to certifying keys that are hosted in HW? Or could it also cover the case of an ephemeral / short-term keypair that resides in a TEE?

Three short notes:

* There's an interesting amount of privacy considerations that you may want to borrow (by reference) from Section 11 of the RATS architecture document (https://www.ietf.org/archive/id/draft-ietf-rats-architecture-19.html#section-11)
* In Section 4: maybe you could reuse the Hardware Module Name defined in RFC4108 (https://datatracker.ietf.org/doc/html/rfc4108#section-5)
* In Section 7.1 the registry that needs to be updated is the ACME Identifier Types

Looking forward to seeing this work progress.

Cheers, t
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
