LAMPS M. StJohns Internet-Draft NthPermutation Security LLC Intended status: Standards Track 7 June 2023 Expires: 9 December 2023 Attestation Attributes for Use with Certification Signing Requests draft-stjohns-csr-attest-02 Abstract This document describes two ASN.1 Attribute definitions, and an ASN.1 CLASS definition for an attestation statement structure that may be used to encode key attestation data for inclusion in PKCS10 certificate requests and in other circumstances. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 9 December 2023. Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. StJohns Expires 9 December 2023 [Page 1] Internet-Draft CSR Attestation Attributes June 2023 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. ASN.1 Elements . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Object Identifiers . . . . . . . . . . . . . . . . . . . 4 3.2. CertificateChoice . . . . . . . . . . . . . . . . . . . . 4 3.3. AttestAttribute . . . . . . . . . . . . . . . . . . . . . 6 3.4. AttestCertsAttribute . . . . . . . . . . . . . . . . . . 6 3.5. AttestStatement . . . . . . . . . . . . . . . . . . . . . 6 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 4.1. Object Identifier Allocations . . . . . . . . . . . . . . 8 4.1.1. Module Registration - SMI Security for PKIX Module Identifer . . . . . . . . . . . . . . . . . . . . . . 8 4.1.2. Object Identifier Registrations - SMI Security for S/ MIME Attributes . . . . . . . . . . . . . . . . . . . 8 4.2. "SMI Security for PKIX Attestation Statement Formats" Registry . . . . . . . . . . . . . . . . . . . . . . . . 9 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 6.1. Normative References . . . . . . . . . . . . . . . . . . 10 6.2. Informative References . . . . . . . . . . . . . . . . . 10 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 11 A.1. Simple Attestation Example . . . . . . . . . . . . . . . 11 A.2. Example TPM V2.0 Attestation Attribute - Non Normative . 11 Appendix B. ASN.1 Module for Attestation . . . . . . . . . . . . 13 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 17 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 17 1. Introduction This document creates two ATTRIBUTE/Attribute definitions. The first Attribute may be used to carry a set of certificates or public keys that may be necessary to validate an attestation. The second Attribute carries a structure that may be used to carry key attestation statements, signatures and related data. Both of these Attribute definitions are intended to be used to carry the attestation data a Certification Authority (CA) may need to decide to issue a certificate containg the attested key. The AttestStatement structure provides an encoding that may be used regardless of the actual format and mechanisms used by an given type of attestation. In its simplest expansion it encodes a SEQUENCE of an OBJECT IDENTIFIER and a related ASN.1 type. StJohns Expires 9 December 2023 [Page 2] Internet-Draft CSR Attestation Attributes June 2023 For the purposes of this document, a "certificate" is a signed binding of a public key and some identifying or use information. An X.509 Certificate is one example, but the structures described below allow for the carriage of any identifiable type of certificate. Examples include Card Verifiable Certificates [TR-03110-3] and [EQMV] implicit certificates. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 2. Definitions The following definitions should be used in the context of this document primarily to understand the relationship of an attestation to the ASN.1 structures used to carry an attestation in PKIX structures. As of the date of this document, the IETF lacked a common nomenclature for attestation-related terms. Attestation Engine The secure hardware and firmware used to compose and sign an attestation. Attestation Key Either the private key used to sign an attestation statement, or the related public key used to verify the attestation statement, depending on context. Attester The entity that directs the creation of an attestation statement and who owns, controls, or is permitted to use the private attestation key. Ancillary Attestation Data Any data provided from a source external to the attestation engine as part of the creation of an attestation statement and/or any additional data needed for the verification of an attestation statement. The externally provided data could be a relying party originated nonce, a time stamp, session information or other data meant to be bound in time to the attestation statement. Other additional data may be an internally formatted key, or other data needed to bridge between the attestation statement and PKIX or other relying or interpretating regimes. The format of externally provided data is not under the control of the attestation engine, but may need to be transformed, such as by hashing, before it may be incorporated within the attestation statement processing. For StJohns Expires 9 December 2023 [Page 3] Internet-Draft CSR Attestation Attributes June 2023 example, a relying party may need both the "externalData" argument for the TPM 2.0 TPM2_Certify command, and the TPMT_PUBLIC structure containing the key being certified to verify an attestation. Attestation Statement The object, any optional ancillary data incorporated during the creation of that object, and the signature over that object, created by an attestation engine at the request of an Attester to provide evidence of a fact or set of facts within the cognizance of the attestation engine at a particular point in time." Sometimes referred to simply as an "attestation". Attestation The implicit or explicit collection of an attestation statement, any ancillary data, an attestation key, and a chain of trust for that key. By convention, this contains at least the minimum data needed to cryptographically validate an attestation statement and extract any policy meaning. Key Attestation An attestation created with respect to a particular key or key pair. 3. ASN.1 Elements 3.1. Object Identifiers Placeholder for now, waiting on guidance. -- Root of IETF's PKIX OID tree id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) } -- S/Mime attributes - can be used here. id-aa OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) attributes(2)} -- Branch for attestation statement types id-ata OBJECT IDENTIFIER ::= { id-pkix (TBD1) } 3.2. CertificateChoice This is an ASN.1 CHOICE construct used to represent an encoding of a broad variety of certificate types. StJohns Expires 9 December 2023 [Page 4] Internet-Draft CSR Attestation Attributes June 2023 CertificateChoice ::= CHOICE { cert Certificate, -- typical X.509 cert opaqueCert [0] IMPLICIT OCTET STRING, -- Format implicitly agreed upon -- by sender and receiver typedCert [1] IMPLICIT TypedCert, typedFlatCert [2] IMPLICIT TypedFlatCert } "Certificate" is a standard X.509 certificate that MUST be compliant with RFC5280. Enforcement of this constraint is left to the relying parties. "opaqueCert" should be used sparingly as it requires the receiving party to implictly know its format. It is encoded as an OCTET STRING. "TypedCert" is an ASN.1 construct that has the charateristics of a certificate, but is not encoded as an X.509 certificate. The certTypeField indicates how to interpret the certBody field. While it is possible to carry any type of data in this structure, it's intended the content field include data for at least one public key formatted as a SubjectPublicKeyInfo (see [RFC5912]). TYPED-CERT ::= TYPE-IDENTIFIER -- basically an object id and a matching ASN1 -- structure encoded as a sequence CertType ::= TYPED-CERT.&id TypedCert ::= SEQUENCE { certType TYPED-CERT.&id({TypedCertSet}), content TYPED-CERT.&Type ({TypedCertSet}{@certType}) } TypedCertSet TYPED-CERT ::= { ... -- Empty for now, } "TypedFlatCert" is a certificate that does not have a valid ASN.1 encoding. Think compact or implicit certificates as might be used with smart cards. certType indicates the format of the data in the certBody field, and ideally refers to a published specification. TypedFlatCert ::= SEQUENCE { certType OBJECT IDENTIFIER, certBody OCTET STRING } StJohns Expires 9 December 2023 [Page 5] Internet-Draft CSR Attestation Attributes June 2023 3.3. AttestAttribute By definition, Attributes within a Certification Signing Request are typed as ATTRIBUTE. This attribute definition contains one or more attestation statements of a type "AttestStatement". id-aa-attestStatement OBJECT IDENTIFIER ::= { id-aa (TBDAA2) } AttestAttribute ATTRIBUTE ::= { TYPE AttestStatement IDENTIFIED BY id-aa-attestStatement } 3.4. AttestCertsAttribute The "AttestCertsAttribute" contains a sequence of certificates that may be needed to validate the contents of an attestation statement contained in an attestAttribute. By convention, the first element of the SEQUENCE SHOULD contain the object that contains the public key needed to directly validate the attestAttribute. The remaining elements should chain that data back to an agreed upon root of trust for the attestation. id-aa-attestChainCerts OBJECT IDENTIFIER ::= { id-aa (TBDAA1) } attestCertsAttribute ATTRIBUTE ::= { TYPE SEQUENCE OF CertificateChoice COUNTS MAX 1 IDENTIFIED BY id-aa-attestChainCerts } 3.5. AttestStatement An AttestStatement is an object of class ATTEST-STATEMENT encoded as a sequence fields, of which the type of the "value" field is controlled by the value of the "type" field, similar to an Attribute definition. StJohns Expires 9 December 2023 [Page 6] Internet-Draft CSR Attestation Attributes June 2023 ATTEST-STATEMENT ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &Type, -- NOT optional &algidPresent ParamOptions DEFAULT absent, &sigPresent ParamOptions DEFAULT absent, &ancillaryPresent ParamOptions DEFAULT absent, &sigType DEFAULT OCTET STRING &ancillaryType DEFAULT OCTET STRING } WITH SYNTAX { TYPE &Type IDENTIFIED BY &id [ALGID IS &algidPresent] [SIGNATURE [TYPE &sigType] IS &sigPresent] [ANCILLARY [TYPE &ancillaryType] IS &ancillaryPresent] } AttestStatement { ATTEST-STATEMENT:IOSet} ::= SEQUENCE { type ATTEST-STATEMENT.&id({IOSet}), value ATTEST-STATEMENT.&Type({IOSet}{@type}), algId [0] IMPLICIT AlgorithmIdentifier OPTIONAL, signature [1] ATTEST-STATEMENT.&sigType OPTIONAL -- NOT implicit ancillaryData [2] ATTEST-STATEMENT.&ancillaryType OPTIONAL } Depending on whether the "value" field contains an entire signed attestation, or only the toBeSigned portion, the algId field may or may not be present. If present it contains the AlgorithmIdentifier of the signature algorithm used to sign the attestation statement. If absent, either the value field contains an indication of the signature algorithm, or the signature algorithm is fixed for that specific type of AttestStatement. Similarly for the "signature" field, if the "value" field contains only the toBeSigned portion of the attestation statement, this field SHOULD be present. The "signature" field may by typed as any valid ASN.1 type. Opaque signature types SHOULD specify the use of sub- typed OCTET STRING. For example: MyOpaqueSignature ::= OCTET STRING If possible, the ATTEST-STATEMENT SHOULD specify an un-wrapped representation of a signature, rather than an OCTET STRING or BIT STRING wrapped ASN.1 structure. I.e., by specifying ECDSA-Sig-Value from PKIXAlgs-2009 (see [RFC5912]) to encode an ECDSA signature. StJohns Expires 9 December 2023 [Page 7] Internet-Draft CSR Attestation Attributes June 2023 ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } The ancillaryData field contains data provided externally to the attestation engine,and/or data that may be needed to relate the attestation to other PKIX elements. The format or content of the externally provided data is not under the control of the attestation engine. For example, this field might contain a freshness nonce generated by the relying party, a signed time stamp, or even a hash of protocol data or nonce data. See below for a few different examples. 4. IANA Considerations The IANA is requested to open one new registrie, allocate a value from the "SMI Security for PKIX Module Identifier" registry for the included ASN.1 module, and allocate values from "SMI Security for S/ MIME Attributes" to identify two Attributes defined within. 4.1. Object Identifier Allocations 4.1.1. Module Registration - SMI Security for PKIX Module Identifer * Decimal: IANA Assigned - Replace TBDMOD * Description: Attest-2023 - id-mod-pkix-attest-01 * References: This Document 4.1.2. Object Identifier Registrations - SMI Security for S/MIME Attributes Attest Statement * Decimal: IANA Assigned - Replace TBDAA2 * Description: id-aa-attestStatement * References: This Document Attest Certificate Chain * Decimal: IANA Assigned - Replace TBDAA1 * Description: id-aa-attestChainCerts * References: This Document StJohns Expires 9 December 2023 [Page 8] Internet-Draft CSR Attestation Attributes June 2023 4.2. "SMI Security for PKIX Attestation Statement Formats" Registry Please open up a registry for Attestation Statement Formats within the SMI-numbers registry, allocating an assignment from id-pkix ("SMI Security for PKIX" Registry) for the purpose. * Decimal: IANA Assigned - replace TBD1 * Description: id-ata * References: This document * Initial contents: None * Registration Regime: Specification Required. Document must specify an ATTEST-STATEMENT definition to which this Object Identifier shall be bound. Columns: * Decimal: The subcomponent under id-ata * Description: Begins with id-ata * References: RFC or other document 5. Security Considerations The attributes and structures defined in this document are primarily meant to be used as additional Attributes for a PKCS10 Certification Signing Request (CSR). As such, it's up to the receiving/relying party to place as much or as little trust in the contents of these attributes as necessary to satisfy its own policies. A relying party will need either a specification defining how an attestation type was formed and how to validate that type, or a trusted method of verifying the attestation. In the former case, a relying party should consider the information available from any certificate chain covering the attesting key when deciding to accept the attestation. Most attestations will need to provide a method to convert the attested key representation into the equivalent SubjectPublicKey info structure and the attested key MUST be compared for equivalence to the public key provided in the CSR before accepting the attestation. The relying party, as always, is responsible for setting the rules for what it will accept. The presence of an AttestAttribute is not required by any current standard, but such attribute may provide the relying party with additional assurance as a prerequisite to issuing certificates or other credentials. That acceptance criteria is out of scope for this document. Whether to require an AttestAttribute or its contents in any specific use case is out-of-scope for this document. StJohns Expires 9 December 2023 [Page 9] Internet-Draft CSR Attestation Attributes June 2023 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . 6.2. Informative References [EQMV] Certicom Research, "Elliptic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV)", Standards for Efficient Cryptography SEC-4, January 2013, . [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, DOI 10.17487/RFC5912, June 2010, . [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, April 2019, . [TPM20] Trusted Computing Group, "Trusted Platform Module Library - Part 1: Architecture", TPM 2.0 Module Library Part1, 00-01.59, November 2019. Trusted Computing Group, "Trusted Platform Module Library - Part 2: Structures", TPM 2.0 Module Library Part2, 00-01.59, November 2019. Trusted Computing Group, "Trusted Platform Module Library - Part 2: Commands", TPM 2.0 Module Library Part2, 00-01.59, November 2019. [TR-03110-3] Federal Office for Information Security, "Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token - Part 3 Common Specifications V2.21", Federal Republic of Germany, Technical Guideline TR-03110, December 2016, . StJohns Expires 9 December 2023 [Page 10] Internet-Draft CSR Attestation Attributes June 2023 Appendix A. Examples A.1. Simple Attestation Example This is a fragment of ASN.1 meant to demonstrate an absolute minimal definition of an ATTEST-STATEMENT. A similar fragment could be used to define an ATTEST-STATEMENT for an opaque HSM vendor specific atterstation model. -- This OCTET STRING is not like any other OCTET STRING -- Please see https://example.com/simple-attest.txt, -- Structure labled "Mike's simple attest" for the -- structure of this field and how to verify the attestation MikesSimpleAttestData ::= OCTET STRING mikesSimpleAttestOid OBJECT IDENTIFIER ::= { id-mikes-root 1 } MikesSimpleAttest ATTEST-STATEMENT ::= { TYPE MikesSimpleAttestData IDENTIFIED BY mikesSimpleAttestOid -- These are all implied -- ALGID IS absent -- SIGNATURE is absent -- ANCILLARY is absent } A.2. Example TPM V2.0 Attestation Attribute - Non Normative What follows is a fragment of an ASN.1 module that might be used to define an attestation statment attribute to carry a TPM V2.0 key attestation - i.e., the output of the TPM2_Certify command. This is an example and NOT a registered definition. It's provided simply to give an example of how to write an ATTEST-STATEMENT definition and module. -- IMPORT these. -- PKI normal form for an ECDSA signature ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } -- Octet string of size n/8 where n is the -- bit size of the public modulus RSASignature ::= OCTET STRING -- One or the other of these depending on the value in TPMT_SIGNATURE StJohns Expires 9 December 2023 [Page 11] Internet-Draft CSR Attestation Attributes June 2023 TpmSignature CHOICE ::= { ecSig [0] IMPLICIT ECDSA-Sig-Value, rsaSig [1] IMPLICIT RSASignature } -- The TPM form of the public key being attested. -- Needed to verify the attestation - this is the TPMT_PUBLIC structure. TpmtPublic ::= OCTET STRING -- The TPMS_ATTEST structure as defined in TPM2.0 -- Unwrapped from the TPM2B_ATTEST provided -- by the TPM2_Certify command. TpmsAttest ::= OCTET STRING -- The qualifying data provided to a TPM2_Certify call, may be absent -- This is the contents of data field of the TPM2B_DATA structure. QualifyingData ::= OCTET STRING TpmAncillary ::= SEQUENCE { toBeAttestedPublic TpmtPublic, qualifyingData QualifyingData OPTIONAL } -- This represents a maximally unwrapped TPM V2.0 attestation. The -- output of TPM2_Certify is a TPM2B_ATTEST and a TPMT_SIGNATURE. -- The former is unwrapped into a TPMS_ATTEST and the latter is -- decomposed to provide the contents of the algId and signature fields. -- -- This attestation statement can be verified by: -- Signature siggy = Signature.getInstance (stmt.algId); -- siggy.init (attestPublicKey, VERIFY); -- siggy.update ((short)stmt.value.length) // todo: big or little endian -- siggy.update (stmt.value.data) -- bool verified = siggy.verify (getSigData(stmt.signature)); // unwrap the signature -- TpmV2AttestStatement ATTEST STATEMENT ::= { TYPE TpmsAttest IDENTIFIED BY id-ata-tpmv20-1 ALGID IS present SIGNATURE TYPE TpmSignature IS present ANCILLARY TYPE TpmAncillary IS present } This attestation is the result of executing a TPM2_Certify command over a TPM key. See [TPM20] for more details. StJohns Expires 9 December 2023 [Page 12] Internet-Draft CSR Attestation Attributes June 2023 The data portion of the value field encoded as OCTET STRING is the attestationData from the TPM2B_ATTEST produced by the TPM. In other words, strip off the TPM2B_ATTEST "size" field and place the TPMS_ATTEST encoded structure in the OCTET STRING data field. The algId is derived from the "sigAlg" field of the TPMT_SIGNATURE structure. The signature field is a TpmSignature, created by transforming the TPMU_SIGNATURE field to the appropriate structure given the signature type. The ancillary field contains a structure with the TPMT_PUBLIC structure that contains the TPM's format of the key to be attested. The attestation statement data contains a hash of this structure, and not the key itself, so the hash of this structure needs to be compared to the value in the attestation attestation statement. If that passes, the key needs to be transformed into a PKIX style key and compared to the key in the certificate signing request to complete the attestation verification. The ancillary field also contains an optional OCTET STRING which is used if the TPM2_Certify command is called with a non-zero length "qualifyingData" argument to contain that data. An AttestCertChain attribute MUST be present if this attribute is used as part of a certificate signing request. Appendix B. ASN.1 Module for Attestation The following module imports definitions from modules defined in [RFC5912] and [RFC8551]. IANA Note: Please replace TBDMOD, TBD1 and TBD2 with assigned values. -- This module provides a definition for two attributes thay may be -- used to carry key attestation information within a -- CertificationSigningRequest (aka PKCS10), or for other purposes. -- IANA - Value needed Attest-2023 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix-attest-01(TBDMOD) } DEFINITIONS EXPLICIT TAGS ::= BEGIN StJohns Expires 9 December 2023 [Page 13] Internet-Draft CSR Attestation Attributes June 2023 IMPORTS Attribute, SingleAttribute, id-pkix, Certificate FROM PKIX1Explicit-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)} ATTRIBUTE,AttributeSet FROM PKIX-CommonTypes-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)} ParamChoice FROM AlgorithmInformation-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58)} id-aa FROM SecureMimeMessageV3dot1 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) msg-v3dot1(21) } -- Repeated here for easy reference. -- id-aa OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840) -- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) attributes(2)} -- IANA - Values needed -- Branch for attestation statement types id-ata OBJECT IDENTIFIER ::= { id-pkix (TBD1) } -- A general comment is that a certificate is a signed binding between -- public key and some identifying info. Below "cert" is an X.509 -- "Certificate". "opaqueCert" is just string of bytes that the -- receiving CA must know how to parse given information not carried -- in this object. "typedCert" and "typedFlatCert" both use an OID to -- identify their types, but differ in that the encoding for typedCert -- is always valid ASN1, whereas the typedFlatCert is just a string of -- bytes that must be interpreted according to the type. Note that a -- typedFlatCert MAY contain an encapsulated ASN1 object, but this is -- not the best use of the type and is hereby discouraged. CertificateChoice ::= CHOICE { cert Certificate, -- typical X.509 cert opaqueCert [0] IMPLICIT OCTET STRING, StJohns Expires 9 December 2023 [Page 14] Internet-Draft CSR Attestation Attributes June 2023 typedCert [1] IMPLICIT TypedCert, -- not ASN1 parseable typedFlatCert [2] IMPLICIT TypedFlatCert } -- Cribbed from definition of CONTENT-TYPE -- Alternately as TypedCert ::= SingleAttribute -- TYPED-CERT ::= TYPE-IDENTIFIER -- object id and a matching ASN1 -- structure encoded as a sequence CertType ::= TYPED-CERT.&id TypedCert ::= SEQUENCE { certType TYPED-CERT.&id({TypedCertSet}), content TYPED-CERT.&Type ({TypedCertSet}{@certType}) } TypedCertSet TYPED-CERT ::= ... -- Empty for now, } -- The receiving entity is expected to be able to parse the certBody -- field given the value of the certType field. This differs from -- TypedCert in that the contents of the certBody field are not -- necessarily well formed ASN1 in this case the certType tells you -- how to parse the body of the OCTET STRING, TypedFlatCert ::= SEQUENCE { certType OBJECT IDENTIFIER, certBody OCTET STRING } -- A sequence of certificates used to validate an attestation chain. -- By convention, the first certificate in the chain is the one that -- contains the public key used to verify the attestation. If the -- related attestStatementAttribute contains more than a single -- attestation, this attribute is expected to contain all of the -- certificates needed to validate all attestations id-aa-attestChainCerts OBJECT IDENTIFIER ::= { id-aa (TBDAA1) } attestCertCertsAttribute ATTRIBUTE ::= { TYPE SEQUENCE OF CertificateChoice COUNTS MAX 1 IDENTIFIED BY id-aa-attestChainCerts StJohns Expires 9 December 2023 [Page 15] Internet-Draft CSR Attestation Attributes June 2023 } -- If the signature is provided separately, the value field need not -- contain the signature. Note that some attestation methods include -- a signature method in the part signed by the signature and some do -- not. ATTEST-STATEMENT ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &Type, -- NOT optional &algidPresent ParamOptions DEFAULT absent, &sigPresent ParamOptions DEFAULT absent, &sigType DEFAULT OCTET STRING &ancillaryPresent ParamOptions DEFAULT absent, &ancillaryType DEFAULT OCTET STRING } WITH SYNTAX { TYPE &Type IDENTIFIED BY &id [ALGID IS &algidPresent] [SIGNATURE [TYPE &sigType] IS &sigPresent] [ANCILLARY [TYPE &ancillaryType] IS &ancillaryPresent] } AttestStatement { ATTEST-STATEMENT:IOSet} ::= SEQUENCE { type ATTEST-STATEMENT.&id({IOSet}), value ATTEST-STATEMENT.&Type({IOSet}{@type}), algId [0] IMPLICIT AlgorithmIdentifier OPTIONAL, signature [1] ATTEST-STATEMENT.&sigType OPTIONAL -- NOT implicit ancillaryData [2] ATTEST-STATEMENT.&ancillaryType OPTIONAL } -- An attribute that contains a attestation statement. id-aa-attestStatement OBJECT IDENTIFIER ::= { id-aa (TBDAA2) } attestAttribute ATTRIBUTE ::= { TYPE AttestStatement IDENTIFIED BY id-aa-attestStatement } END StJohns Expires 9 December 2023 [Page 16] Internet-Draft CSR Attestation Attributes June 2023 Acknowledgements Thanks to Russ Housley for a first and useful pass over the original ASN.1. Thanks to Mike Ounsworth for not complaining too much when I wrote this. Placeholder here for people who spend time reviewing the draft! Author's Address Michael StJohns NthPermutation Security LLC Germantown, MD 20874 United States of America Email: msj@nthpermutation.com StJohns Expires 9 December 2023 [Page 17]