Hi Yoav,
hi list,
sorry for the straggling reply (it is still 2025-12-10 somewhere). I
reviewed the current I-D and I am glad to see
I.D-ietf-lamps-csr-attestation reused already. draft-liu-acme-rats is an
intuitive next step.
I support the adoption.
Some comments:
While the current I-D highlights in its Introduction that Evidence or
Attestation Results are to be conveyed by the ACME Client, that changes
directly in 1.1 "Attestation Results only" which focuses on the passport
model. That is fine, but a bit confusing. Are there plans to expose
Evidence to the CA/RA at some point as well? Section 1.1 starts with
"This document currently only".
An "AR only" scope renders Section 5. "ACME Attest Claims Hint" even
more interesting. The I-D highlights a note that says "unclear if this
is still important", but it seems to me, this is a relevant step towards
interoperability. Firstly, in the current I-D the CA/RA has basically no
influence which Verifier it has to trust in the end. By taking on the
role of a Relying Party, requiring some standardized content in the
Attestation Result provides at minimum that a capable Veriifer is
selected on the Client side. Why to trust a Verifier is still an open
question - but also not an uncommon one. I am not sure how much of that
question can be out-of-scope.
In general, the concept of the Relying Party triggering the whole remote
attestation procedure by requesting certain claim (i.e. a type of view)
so that the Verifier can then issue a corresponding Claims Selection to
the Attester (in this case, the ACME client) has been under discussion
by RATS participants for quite some while now. Maybe this I-D can be
used as a driving use case in the RATS WG to specify that kind of
Relying Party driven remote attestation, as well.
Viele Grüße,
Henk
On 10.12.25 18:10, Yoav Nir wrote:
… and we’re done.
So I think very obviously there is consensus to adopt. Thomas Fossati
raised some reservations, but (1) those were answered to his
satisfaction (I think) and (2) the bar for adoption is not
ready-to-ship, but ready to be worked on.
Authors, please re-post as draft-ietf-acme-rats, and thank you to all
who participated in this CfA.
Yoav
(on behalf of the chairs)
On 9 Dec 2025, at 6:25, Yoav Nir <[email protected]> wrote:
[with chair hat on]
One more day to go…
In case anyone has missed it, Huawei has published an IPR disclosure
about this draft.
IPR Details - Huawei Technologies Co.,Ltd's Statement about IPR
related to draft-liu-acme-rats <https://datatracker.ietf.org/ipr/7099/>
datatracker.ietf.org <https://datatracker.ietf.org/ipr/7099/>
<ietf-logo-nor-180.png> <https://datatracker.ietf.org/ipr/7099/>
<https://datatracker.ietf.org/ipr/7099/>
It looks similar to other such disclosures, but IANAL.
An IPR disclosure is no bar to publication, let alone adoption, but I
wasnted to call it out in order for us to make an informed decision.
Yoav
On 27 Nov 2025, at 2:38, Mike Ounsworth via Datatracker
<[email protected]> wrote:
Subject: Call for adoption: draft-liu-acme-rats-02 (Ends 2025-12-10)
This message starts a 2-week Call for Adoption for this document.
Abstract:
This document describes an approach where an ACME Server can
challenge an ACME Client to provide a Remote Attestation Evidence or
Remote Attestation Result in any format supported by the Conceptual
Message Wrapper.
The ACME Server can optionally challenge the Client for specific
claims that it wishes attestation for.
File can be retrieved from:
https://datatracker.ietf.org/doc/draft-liu-acme-rats/
Please reply to this message keeping [email protected] in copy by indicating
whether you support or not the adoption of this draft as a WG document.
Comments to motivate your preference are highly appreciated.
Authors, and WG participants in general, are reminded of the Intellectual
Property Rights (IPR) disclosure obligations described in BCP 79 [2].
Appropriate IPR disclosures required for full conformance with the
provisions
of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any.
Sanctions available for application to violators of IETF IPR Policy
can be
found at [3].
Thank you.
[1] https://datatracker.ietf.org/doc/bcp78/
[2] https://datatracker.ietf.org/doc/bcp79/
[3] https://datatracker.ietf.org/doc/rfc6701/
_______________________________________________
Acme mailing list -- [email protected]
To unsubscribe send an email to [email protected]
