From nobody Thu Jun 14 20:08:16 2018
Return-Path: <lgl@island-resort.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06E91130934 for <saag@ietfa.amsl.com>; Thu, 14 Jun 2018 20:08:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2nwNidnA0ytM for <saag@ietfa.amsl.com>; Thu, 14 Jun 2018 20:08:12 -0700 (PDT)
Received: from p3plsmtpa07-08.prod.phx3.secureserver.net (p3plsmtpa07-08.prod.phx3.secureserver.net [173.201.192.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3395127AC2 for <saag@ietf.org>; Thu, 14 Jun 2018 20:08:11 -0700 (PDT)
Received: from [192.168.1.82] ([76.192.164.238]) by :SMTPAUTH: with ESMTPSA id Tf5vfnnQXifsMTf5vfrm4Q; Thu, 14 Jun 2018 20:08:11 -0700
From: Laurence Lundblade <lgl@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_165B8FCC-E81B-457F-9B1F-9459E8F0845E"
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
Message-Id: <737FFFD9-081A-4132-A4F4-39723191F644@island-resort.com>
Date: Thu, 14 Jun 2018 20:08:10 -0700
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>, Pete Resnick <presnick@qti.qualcomm.com>
To: saag@ietf.org
X-Mailer: Apple Mail (2.3445.8.2)
X-CMAE-Envelope: MS4wfO4oVdIDezbLSirOk+AZYGIo6lGXvEn0Xu8Zgn3Obfr+j4ojjkk6Cev3vtUC9driXCFUM2V8aXsMdOjUgSObgKiTJ/ZeCVNcLOuyjTX0kscOPl9V2KgJ qEFWeR7Tr+sUhGeNSjbJN+KBl/td4LIsto9xRD/solGpjCQmKbs53K850TRioOJ6GLHQg/UkzIWVTNJXqoDW2tF6RVsfvzeI83uRaMXZfW12UBSZu1nCIGpA bOlAvlgCF7KFGjNv697SnA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/VPI9kr5JQ3uon-RuWNIS6PPAJAE>
Subject: [saag] "EAT" proposal for device attestation
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jun 2018 03:08:15 -0000

--Apple-Mail=_165B8FCC-E81B-457F-9B1F-9459E8F0845E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Hello SAAG,

FYI, Some of us are interested in developing what we call an "Entity =
Attestation Token=E2=80=9D that can provide some assurance about a =
device to its remote communication peer in a general and standard way.  =
Attestation similar to this is done by FIDO, BRSKI, Intel EPID, recent =
versions of the Android key store and other, but they all use different =
formats.

We=E2=80=99re proposing CBOR and COSE for a general standard format. We =
have first draft here =
<https://tools.ietf.org/html/draft-mandyam-eat-00>.

There is a non-WG mailing list for discussion: eat@ietf.org =
<mailto:eat@ietf.org>. It is just getting started so there hasn=E2=80=99t =
been any discussion yet. I expect the core standards work would be =
aligning on claims that describe devices, but I=E2=80=99m not sure if =
folks are familiar with the current schemes out there that I mentioned =
above and what they do.

I will attend the Montreal IETF and hopefully present a HotRFC.=20

Thanks,

LL





--Apple-Mail=_165B8FCC-E81B-457F-9B1F-9459E8F0845E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><div =
class=3D"">Hello SAAG,</div><div class=3D""><br class=3D""></div><div =
class=3D"">FYI, Some of us are interested in developing what we call an =
"Entity Attestation Token=E2=80=9D that can provide some assurance about =
a device to its remote communication peer in a general and standard way. =
&nbsp;Attestation similar to this is done by FIDO, BRSKI, Intel EPID, =
recent versions of the Android key store and other, but they all use =
different formats.</div><div class=3D""><br class=3D""></div><div =
class=3D"">We=E2=80=99re proposing CBOR and COSE for a general standard =
format. We have first draft&nbsp;<a =
href=3D"https://tools.ietf.org/html/draft-mandyam-eat-00" =
class=3D"">here</a>.<br class=3D""><div class=3D""><br =
class=3D""></div><div class=3D"">There is a non-WG mailing list for =
discussion: <a href=3D"mailto:eat@ietf.org" class=3D"">eat@ietf.org</a>. =
It is just getting started so there hasn=E2=80=99t been any discussion =
yet. I expect the core standards work would be aligning on claims that =
describe devices, but I=E2=80=99m not sure if folks are familiar with =
the current schemes out there that I mentioned above and what they =
do.</div><div class=3D""><br class=3D""></div><div class=3D"">I will =
attend the Montreal IETF and hopefully present a HotRFC.&nbsp;</div><div =
class=3D""><br class=3D""></div><div class=3D"">Thanks,</div><div =
class=3D""><br class=3D""></div><div class=3D"">LL</div><div =
class=3D""><br class=3D""></div><div class=3D""><br class=3D""></div><div =
class=3D""><br class=3D""></div><div class=3D""><br =
class=3D""></div></div></body></html>=

--Apple-Mail=_165B8FCC-E81B-457F-9B1F-9459E8F0845E--