On 15.11.23 17:33, Martin Bartosch via OpenXPKI-users wrote:
Hi Jeremy,
There is a draft RFC which proposes to add the capability to convey private key
attestation to an enrollment server:
https://www.ietf.org/archive/id/draft-ietf-lamps-key-attestation-ext-00.html
This covers all protocols and all attestation sources. I have been working
with Android KeyStore and KeyChain lately and this certainly seems possible on
the client end.
I haven't looked at the other draft(s) mentioned in the above RFC, or for any
approved standards, but I hope this is enough to start a conversation.
This is certainly an interesting development (and an official RFC covering this
would have been really useful in one of my projects a decade ago...)
As of today, this is still an IETF draft, not an RFC. Let's see how this
develops, I would assume that we will see several years before it makes it to
an official RFC (if at all).
Well, SCEP was also a draft for a long time and I guess that Apple or
Google are as powerful "market makers" as Cisco was in the ancient
times. So I won't bet on the timeline but hopefully it will not be the
same mess as with SCEP :D
Jeremy - if you have such a CSR at hand, send it to me and I will see
if we can at least add a parser for the attributes in a first step.
Oliver
Protect your environment - close windows and adopt a penguin!