Hi Acme,

This is a heads-up on a set of new drafts for Ephemeral Compute
Attestation (ECA), a protocol for the ephemeral compute use case
that aligns with the ACME WG's work on RATS-based attestation.

ECA is relevant to two ongoing efforts:

1. The `draft-liu-acme-rats` specifies a RATS-based
   `attestation-result-01` challenge, built on the RATS
   "Passport Model".
2. The WebAuthn-based `draft-acme-device-attest` defines
   the `device-attest-01` challenge for existing hardware identifiers
   and notes that a future, standards-based RATS challenge
   "SHOULD be used".

ECA is a concrete protocol that conceptually satisfies the
`attestation-result-01` challenge directly through the "Passport
Model". The -00 drafts use EAT, with CMW and AR4SI integration
planned for the next revision.

ECA's scope is the "secret zero" problem for ephemeral compute
(VMs, containers), contrasting with the hardware focus of
`draft-acme-device-attest`. Feedback is welcome on how this
profile fits the current ACME architecture, other relevant prior art,
or guidance on what would be required for future interop.

The work is being discussed in the RATS WG.

* Core Protocol:
  https://datatracker.ietf.org/doc/draft-ritz-eca-00
* Implementation Guide:
  https://datatracker.ietf.org/doc/draft-ritz-eca-impl-00

- Nathanael Ritz