| draft-ietf-rats-tpm-based-network-device-attest-12.txt | draft-ietf-rats-tpm-based-network-device-attest-13.txt | |||
|---|---|---|---|---|
| RATS Working Group G. C. Fedorkow, Ed. | RATS Working Group G. C. Fedorkow, Ed. | |||
| Internet-Draft Juniper Networks, Inc. | Internet-Draft Juniper Networks, Inc. | |||
| Intended status: Informational E. Voit | Intended status: Informational E. Voit | |||
| Expires: 27 August 2022 Cisco | Expires: 2 September 2022 Cisco | |||
| J. Fitzgerald-McKay | J. Fitzgerald-McKay | |||
| National Security Agency | National Security Agency | |||
| 23 February 2022 | 1 March 2022 | |||
| TPM-based Network Device Remote Integrity Verification | TPM-based Network Device Remote Integrity Verification | |||
| draft-ietf-rats-tpm-based-network-device-attest-12 | draft-ietf-rats-tpm-based-network-device-attest-13 | |||
| Abstract | Abstract | |||
| This document describes a workflow for remote attestation of the | This document describes a workflow for remote attestation of the | |||
| integrity of firmware and software installed on network devices that | integrity of firmware and software installed on network devices that | |||
| contain Trusted Platform Modules [TPM1.2], [TPM2.0], as defined by | contain Trusted Platform Modules [TPM1.2], [TPM2.0], as defined by | |||
| the Trusted Computing Group (TCG). | the Trusted Computing Group (TCG)), or equivalent hardware | |||
| implementations that include the protected capabilities, as provided | ||||
| by TPMs. | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 27 August 2022. | This Internet-Draft will expire on 2 September 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components | |||
| extracted from this document must include Revised BSD License text as | extracted from this document must include Revised BSD License text as | |||
| described in Section 4.e of the Trust Legal Provisions and are | described in Section 4.e of the Trust Legal Provisions and are | |||
| provided without warranty as described in the Revised BSD License. | provided without warranty as described in the Revised BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 | 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 | |||
| 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 | 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.3. Document Organization . . . . . . . . . . . . . . . . . . 5 | 1.3. Document Organization . . . . . . . . . . . . . . . . . . 5 | |||
| 1.4. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 1.4. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 1.5. Description of Remote Integrity Verification (RIV) . . . 6 | 1.5. Description of Remote Integrity Verification (RIV) . . . 6 | |||
| 1.6. Solution Requirements . . . . . . . . . . . . . . . . . . 8 | 1.6. Solution Requirements . . . . . . . . . . . . . . . . . . 8 | |||
| 1.7. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 1.7. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 1.7.1. Out of Scope . . . . . . . . . . . . . . . . . . . . 9 | 1.7.1. Out of Scope . . . . . . . . . . . . . . . . . . . . 9 | |||
| 2. Solution Overview . . . . . . . . . . . . . . . . . . . . . . 10 | 2. Solution Overview . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 2.1. RIV Software Configuration Attestation using TPM . . . . 10 | 2.1. RIV Software Configuration Attestation using TPM . . . . 9 | |||
| 2.1.1. What Does RIV Attest? . . . . . . . . . . . . . . . . 12 | 2.1.1. What Does RIV Attest? . . . . . . . . . . . . . . . . 11 | |||
| 2.1.2. Notes on PCR Allocations . . . . . . . . . . . . . . 13 | 2.1.2. Notes on PCR Allocations . . . . . . . . . . . . . . 13 | |||
| 2.2. RIV Keying . . . . . . . . . . . . . . . . . . . . . . . 15 | 2.2. RIV Keying . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 2.3. RIV Information Flow . . . . . . . . . . . . . . . . . . 16 | 2.3. RIV Information Flow . . . . . . . . . . . . . . . . . . 16 | |||
| 2.4. RIV Simplifying Assumptions . . . . . . . . . . . . . . . 18 | 2.4. RIV Simplifying Assumptions . . . . . . . . . . . . . . . 18 | |||
| 2.4.1. Reference Integrity Manifests (RIMs) . . . . . . . . 19 | 2.4.1. Reference Integrity Manifests (RIMs) . . . . . . . . 18 | |||
| 2.4.2. Attestation Logs . . . . . . . . . . . . . . . . . . 20 | 2.4.2. Attestation Logs . . . . . . . . . . . . . . . . . . 20 | |||
| 3. Standards Components . . . . . . . . . . . . . . . . . . . . 21 | 3. Standards Components . . . . . . . . . . . . . . . . . . . . 20 | |||
| 3.1. Prerequisites for RIV . . . . . . . . . . . . . . . . . . 21 | 3.1. Prerequisites for RIV . . . . . . . . . . . . . . . . . . 20 | |||
| 3.1.1. Unique Device Identity . . . . . . . . . . . . . . . 21 | 3.1.1. Unique Device Identity . . . . . . . . . . . . . . . 20 | |||
| 3.1.2. Keys . . . . . . . . . . . . . . . . . . . . . . . . 21 | 3.1.2. Keys . . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
| 3.1.3. Appraisal Policy for Evidence . . . . . . . . . . . . 21 | 3.1.3. Appraisal Policy for Evidence . . . . . . . . . . . . 21 | |||
| 3.2. Reference Model for Challenge-Response . . . . . . . . . 22 | 3.2. Reference Model for Challenge-Response . . . . . . . . . 21 | |||
| 3.2.1. Transport and Encoding . . . . . . . . . . . . . . . 24 | 3.2.1. Transport and Encoding . . . . . . . . . . . . . . . 23 | |||
| 3.3. Centralized vs Peer-to-Peer . . . . . . . . . . . . . . . 24 | 3.3. Centralized vs Peer-to-Peer . . . . . . . . . . . . . . . 24 | |||
| 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 25 | 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 25 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 26 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 26 | |||
| 5.1. Keys Used in RIV . . . . . . . . . . . . . . . . . . . . 27 | 5.1. Keys Used in RIV . . . . . . . . . . . . . . . . . . . . 26 | |||
| 5.2. Prevention of Spoofing and Person-in-the-Middle | 5.2. Prevention of Spoofing and Person-in-the-Middle | |||
| Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 29 | Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
| 5.3. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 30 | 5.3. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 29 | |||
| 5.4. Owner-Signed Keys . . . . . . . . . . . . . . . . . . . . 30 | 5.4. Owner-Signed Keys . . . . . . . . . . . . . . . . . . . . 30 | |||
| 5.5. Other Factors for Trustworthy Operation . . . . . . . . . 31 | 5.5. Other Factors for Trustworthy Operation . . . . . . . . . 30 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 7. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 33 | 7. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 33 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 9. Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . 33 | 9. Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 9.1. Using a TPM for Attestation . . . . . . . . . . . . . . . 33 | 9.1. Using a TPM for Attestation . . . . . . . . . . . . . . . 32 | |||
| 9.2. Root of Trust for Measurement . . . . . . . . . . . . . . 35 | 9.2. Root of Trust for Measurement . . . . . . . . . . . . . . 34 | |||
| 9.3. Layering Model for Network Equipment Attester and | 9.3. Layering Model for Network Equipment Attester and | |||
| Verifier . . . . . . . . . . . . . . . . . . . . . . . . 36 | Verifier . . . . . . . . . . . . . . . . . . . . . . . . 35 | |||
| 9.4. Implementation Notes . . . . . . . . . . . . . . . . . . 37 | 9.4. Implementation Notes . . . . . . . . . . . . . . . . . . 37 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 38 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 38 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 38 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 38 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 41 | 10.2. Informative References . . . . . . . . . . . . . . . . . 41 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 44 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 44 | |||
| 1. Introduction | 1. Introduction | |||
| There are many aspects to consider in fielding a trusted computing | There are many aspects to consider in fielding a trusted computing | |||
| device, from operating systems to applications. Mechanisms to prove | device, from operating systems to applications. Mechanisms to prove | |||
| skipping to change at page 3, line 38 ¶ | skipping to change at page 3, line 34 ¶ | |||
| [I-D.richardson-rats-usecases]. However, these documents do not | [I-D.richardson-rats-usecases]. However, these documents do not | |||
| provide sufficient guidance for network equipment vendors and | provide sufficient guidance for network equipment vendors and | |||
| operators to design, build, and deploy interoperable devices. | operators to design, build, and deploy interoperable devices. | |||
| The intent of this document is to provide such guidance. It does | The intent of this document is to provide such guidance. It does | |||
| this by outlining the Remote Integrity Verification (RIV) problem, | this by outlining the Remote Integrity Verification (RIV) problem, | |||
| and then identifies elements that are necessary to get the complete, | and then identifies elements that are necessary to get the complete, | |||
| scalable attestation procedure working with commercial networking | scalable attestation procedure working with commercial networking | |||
| products such as routers, switches and firewalls. An underlying | products such as routers, switches and firewalls. An underlying | |||
| assumption will be the availability within the device of a Trusted | assumption will be the availability within the device of a Trusted | |||
| Platform Module [TPM1.2], [TPM2.0] compliant cryptoprocessor to | Platform Module [TPM1.2], [TPM2.0] compatible cryptoprocessor to | |||
| enable the trustworthy remote assessment of the device's software and | enable the trustworthy remote assessment of the device's software and | |||
| hardware. | hardware. | |||
| 1.1. Requirements notation | 1.1. Requirements notation | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| skipping to change at page 9, line 32 ¶ | skipping to change at page 9, line 5 ¶ | |||
| * This solution is for use in non-privacy-preserving applications | * This solution is for use in non-privacy-preserving applications | |||
| (for example, networking, Industrial IoT), avoiding the need for a | (for example, networking, Industrial IoT), avoiding the need for a | |||
| Privacy Certificate Authority (also called an Attestation CA) for | Privacy Certificate Authority (also called an Attestation CA) for | |||
| attestation keys [AK-Enrollment] or TCG Platform Certificates | attestation keys [AK-Enrollment] or TCG Platform Certificates | |||
| [Platform-Certificates]. | [Platform-Certificates]. | |||
| * This document assumes network protocols that are common in network | * This document assumes network protocols that are common in network | |||
| equipment such as YANG [RFC7950] and NETCONF [RFC6241], but not | equipment such as YANG [RFC7950] and NETCONF [RFC6241], but not | |||
| generally used in other applications. | generally used in other applications. | |||
| * The approach outlined in this document mandates the use of a | * The approach outlined in this document mandates the use of a TPM | |||
| compliant TPM [TPM1.2], [TPM2.0]. | [TPM1.2], [TPM2.0], or a compatible cryptoprocessor. | |||
| 1.7.1. Out of Scope | 1.7.1. Out of Scope | |||
| * Run-Time Attestation: The Linux Integrity Measurement Architecture | * Run-Time Attestation: The Linux Integrity Measurement Architecture | |||
| [IMA] attests each process launched after a device is started (and | [IMA] attests each process launched after a device is started (and | |||
| is in scope for RIV in general), but continuous run-time | is in scope for RIV in general), but continuous run-time | |||
| attestation of Linux or other multi-threaded operating system | attestation of Linux or other multi-threaded operating system | |||
| processes after the OS has started considerably expands the scope | processes after the OS has started considerably expands the scope | |||
| of the problem. Many researchers are working on that problem, but | of the problem. Many researchers are working on that problem, but | |||
| this document defers the problem of continuous, in-memory run-time | this document defers the problem of continuous, in-memory run-time | |||
| skipping to change at page 39, line 6 ¶ | skipping to change at page 38, line 47 ¶ | |||
| | results and figure out what it means. | | | | results and figure out what it means. | | | |||
| -------------------------------------------------------------------- | -------------------------------------------------------------------- | |||
| Figure 7: Component Status | Figure 7: Component Status | |||
| 10. References | 10. References | |||
| 10.1. Normative References | 10.1. Normative References | |||
| [Canonical-Event-Log] | [Canonical-Event-Log] | |||
| Trusted Computing Group, "DRAFT Canonical Event Log Format | Trusted Computing Group, "Canonical Event Log Format | |||
| Version: 1.0, Revision: .30", December 2020, | Version 1.0 Revision .41, February 25, 2022", December | |||
| <https://www.trustedcomputinggroup.org/wp-content/uploads/ | 2020, <https://trustedcomputinggroup.org/resource/ | |||
| TCG_IWG_CEL_v1_r0p30_13feb2021.pdf>. | canonical-event-log-format/>. | |||
| [I-D.ietf-rats-architecture] | [I-D.ietf-rats-architecture] | |||
| Birkholz, H., Thaler, D., Richardson, M., Smith, N., and | Birkholz, H., Thaler, D., Richardson, M., Smith, N., and | |||
| W. Pan, "Remote Attestation Procedures Architecture", Work | W. Pan, "Remote Attestation Procedures Architecture", Work | |||
| in Progress, Internet-Draft, draft-ietf-rats-architecture- | in Progress, Internet-Draft, draft-ietf-rats-architecture- | |||
| 15, 8 February 2022, <https://www.ietf.org/archive/id/ | 15, 8 February 2022, <https://www.ietf.org/archive/id/ | |||
| draft-ietf-rats-architecture-15.txt>. | draft-ietf-rats-architecture-15.txt>. | |||
| [I-D.ietf-rats-yang-tpm-charra] | [I-D.ietf-rats-yang-tpm-charra] | |||
| Birkholz, H., Eckel, M., Bhandari, S., Voit, E., Sulzen, | Birkholz, H., Eckel, M., Bhandari, S., Voit, E., Sulzen, | |||
| B., (Frank), L. X., Laffey, T., and G. C. Fedorkow, "A | B., (Frank), L. X., Laffey, T., and G. C. Fedorkow, "A | |||
| YANG Data Model for Challenge-Response-based Remote | YANG Data Model for Challenge-Response-based Remote | |||
| Attestation Procedures using TPMs", Work in Progress, | Attestation Procedures using TPMs", Work in Progress, | |||
| Internet-Draft, draft-ietf-rats-yang-tpm-charra-13, 2 | Internet-Draft, draft-ietf-rats-yang-tpm-charra-15, 28 | |||
| February 2022, <https://www.ietf.org/archive/id/draft- | February 2022, <https://www.ietf.org/archive/id/draft- | |||
| ietf-rats-yang-tpm-charra-13.txt>. | ietf-rats-yang-tpm-charra-15.txt>. | |||
| [I-D.ietf-sacm-coswid] | [I-D.ietf-sacm-coswid] | |||
| Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D. | Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D. | |||
| Waltermire, "Concise Software Identification Tags", Work | Waltermire, "Concise Software Identification Tags", Work | |||
| in Progress, Internet-Draft, draft-ietf-sacm-coswid-20, 26 | in Progress, Internet-Draft, draft-ietf-sacm-coswid-20, 26 | |||
| January 2022, <https://www.ietf.org/archive/id/draft-ietf- | January 2022, <https://www.ietf.org/archive/id/draft-ietf- | |||
| sacm-coswid-20.txt>. | sacm-coswid-20.txt>. | |||
| [IEEE-802-1AR] | [IEEE-802-1AR] | |||
| Seaman, M., "802.1AR-2018 - IEEE Standard for Local and | Seaman, M., "802.1AR-2018 - IEEE Standard for Local and | |||
| Metropolitan Area Networks - Secure Device Identity, IEEE | Metropolitan Area Networks - Secure Device Identity, IEEE | |||
| Computer Society", August 2018. | Computer Society", August 2018. | |||
| [IMA] dsafford, kds_etu, mzohar, reinersailer, and serge_hallyn, | [IMA] dsafford, kds_etu, mzohar, reinersailer, and serge_hallyn, | |||
| "Integrity Measurement Architecture", June 2019, | "Integrity Measurement Architecture", June 2019, | |||
| <https://sourceforge.net/p/linux-ima/wiki/Home/>. | <https://sourceforge.net/p/linux-ima/wiki/Home/>. | |||
| [PC-Client-BIOS-TPM-2.0] | [PC-Client-BIOS-TPM-2.0] | |||
| Trusted Computing Group, "PC Client Specific Platform | Trusted Computing Group, "PC Client Specific Platform | |||
| Firmware Profile Specification Family "2.0", Level 00 | Firmware Profile Specification Family "2.0", Level 00 | |||
| Revision 1.05", May 2021, | Revision 1.05 Revision 23, May 7, 2021", May 2021, | |||
| <https://trustedcomputinggroup.org/wp-content/uploads/ | <https://trustedcomputinggroup.org/resource/pc-client- | |||
| TCG_PCClient_PFP_r1p05_v23_pub.pdf>. | specific-platform-firmware-profile-specification/>. | |||
| [PC-Client-EFI-TPM-1.2] | [PC-Client-EFI-TPM-1.2] | |||
| Trusted Computing Group, "TCG EFI Platform Specification | Trusted Computing Group, "TCG EFI Platform Specification | |||
| for TPM Family 1.1 or 1.2, Specification Version 1.22, | for TPM Family 1.1 or 1.2, Specification Version 1.22, | |||
| Revision 15", January 2014, | Revision 15", January 2014, | |||
| <https://trustedcomputinggroup.org/resource/tcg-efi- | <https://trustedcomputinggroup.org/resource/tcg-efi- | |||
| platform-specification/>. | platform-specification/>. | |||
| [PC-Client-RIM] | [PC-Client-RIM] | |||
| Trusted Computing Group, "TCG PC Client Reference | Trusted Computing Group, "TCG PC Client Reference | |||
| Integrity Manifest Specification, v1.04", December 2019, | Integrity Manifest Specification, v1.04, Nov 4, 2020", | |||
| <https://trustedcomputinggroup.org/wp-content/uploads/ | December 2019, | |||
| TCG_PC_Client_RIM_r1p04_pub.pdf>. | <https://trustedcomputinggroup.org/resource/tcg-pc-client- | |||
| reference-integrity-manifest-specification/>. | ||||
| [Platform-DevID-TPM-2.0] | [Platform-DevID-TPM-2.0] | |||
| Trusted Computing Group, "TPM 2.0 Keys for Device Identity | Trusted Computing Group, "TPM 2.0 Keys for Device Identity | |||
| and Attestation, Specification Version 1.0, Revision 2", | and Attestation, Specification Version 1.0, Revision 2", | |||
| September 2020, | September 2020, | |||
| <https://trustedcomputinggroup.org/resource/tpm-2-0-keys- | <https://trustedcomputinggroup.org/resource/tpm-2-0-keys- | |||
| for-device-identity-and-attestation/>. | for-device-identity-and-attestation/>. | |||
| [Platform-ID-TPM-1.2] | [Platform-ID-TPM-1.2] | |||
| Trusted Computing Group, "TPM Keys for Platform Identity | Trusted Computing Group, "TPM Keys for Platform Identity | |||
| skipping to change at page 41, line 10 ¶ | skipping to change at page 41, line 6 ¶ | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| [RIM] Trusted Computing Group, "TCG Reference Integrity Manifest | [RIM] Trusted Computing Group, "TCG Reference Integrity Manifest | |||
| (RIM) Information Model, v1.0, r0.16", June 2019, | (RIM) Information Model, v1.0, Revision 0.16, Nov 12, | |||
| <https://trustedcomputinggroup.org/wp-content/uploads/ | 2020", June 2019, | |||
| TCG_RIM_Model_v1p01_r0p16_pub.pdf>. | <https://trustedcomputinggroup.org/resource/tcg-reference- | |||
| integrity-manifest-rim-information-model/>. | ||||
| [SWID] The International Organization for Standardization/ | [SWID] The International Organization for Standardization/ | |||
| International Electrotechnical Commission, "Information | International Electrotechnical Commission, "Information | |||
| Technology Software Asset Management Part 2: Software | Technology Software Asset Management Part 2: Software | |||
| Identification Tag, ISO/IEC 19770-2", October 2015, | Identification Tag, ISO/IEC 19770-2", October 2015, | |||
| <https://www.iso.org/standard/65666.html>. | <https://www.iso.org/standard/65666.html>. | |||
| [TAP] Trusted Computing Group, "TCG Trusted Attestation Protocol | [TAP] Trusted Computing Group, "TCG Trusted Attestation Protocol | |||
| (TAP) Information Model for TPM Families 1.2 and 2.0 and | (TAP) Information Model for TPM Families 1.2 and 2.0 and | |||
| DICE Family 1.0, Version 1.0, Revision 0.36", October | DICE Family 1.0, Version 1.0, Revision 0.36", October | |||
| skipping to change at page 42, line 15 ¶ | skipping to change at page 42, line 15 ¶ | |||
| [I-D.birkholz-rats-tuda] | [I-D.birkholz-rats-tuda] | |||
| Fuchs, A., Birkholz, H., McDonald, I. E., and C. Bormann, | Fuchs, A., Birkholz, H., McDonald, I. E., and C. Bormann, | |||
| "Time-Based Uni-Directional Attestation", Work in | "Time-Based Uni-Directional Attestation", Work in | |||
| Progress, Internet-Draft, draft-birkholz-rats-tuda-06, 12 | Progress, Internet-Draft, draft-birkholz-rats-tuda-06, 12 | |||
| January 2022, <https://www.ietf.org/archive/id/draft- | January 2022, <https://www.ietf.org/archive/id/draft- | |||
| birkholz-rats-tuda-06.txt>. | birkholz-rats-tuda-06.txt>. | |||
| [I-D.ietf-rats-eat] | [I-D.ietf-rats-eat] | |||
| Lundblade, L., Mandyam, G., and J. O'Donoghue, "The Entity | Lundblade, L., Mandyam, G., and J. O'Donoghue, "The Entity | |||
| Attestation Token (EAT)", Work in Progress, Internet- | Attestation Token (EAT)", Work in Progress, Internet- | |||
| Draft, draft-ietf-rats-eat-11, 24 October 2021, | Draft, draft-ietf-rats-eat-12, 24 February 2022, | |||
| <https://www.ietf.org/archive/id/draft-ietf-rats-eat- | <https://www.ietf.org/archive/id/draft-ietf-rats-eat- | |||
| 11.txt>. | 12.txt>. | |||
| [I-D.richardson-rats-usecases] | [I-D.richardson-rats-usecases] | |||
| Richardson, M., Wallace, C., and W. Pan, "Use cases for | Richardson, M., Wallace, C., and W. Pan, "Use cases for | |||
| Remote Attestation common encodings", Work in Progress, | Remote Attestation common encodings", Work in Progress, | |||
| Internet-Draft, draft-richardson-rats-usecases-08, 2 | Internet-Draft, draft-richardson-rats-usecases-08, 2 | |||
| November 2020, <https://www.ietf.org/archive/id/draft- | November 2020, <https://www.ietf.org/archive/id/draft- | |||
| richardson-rats-usecases-08.txt>. | richardson-rats-usecases-08.txt>. | |||
| [IEEE-802.1AE] | [IEEE-802.1AE] | |||
| Seaman, M., "802.1AE MAC Security (MACsec)", 2018, | Seaman, M., "802.1AE MAC Security (MACsec)", 2018, | |||
| End of changes. 25 change blocks. | ||||
| 47 lines changed or deleted | 52 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||