1. Clear description of the referenced document:

Name: IETF RFC 9683 (2024)
Title: Remote Integrity Verification of Network Devices Containing Trusted Platform Modules

2. Status of approval:

RFC 9683 was approved as an informational document in December 2024.

3. Justification for the specific reference:

Refers to the specification produced by the IETF for the definition of attestation used in confidential computing orchestration.

4. Current information, if any, about IPR issues:

Information on IPR issues regarding RFCs is available at: https://datatracker.ietf.org/ipr/search/.
Specifically: https://datatracker.ietf.org/ipr/search/?draft=&rfc=9683&doctitle=&group=&holder=&iprtitle=&patent=&submit=rfc

5. Other useful information describing the "Quality" of the document:

RFC 9683 was approved in December 2024.

6. The degree of stability or maturity of the document:

RFC 9683 was published in 2024. It is an informational document. The current standards status of this document can be found at https://datatracker.ietf.org/doc/rfc9683/

7. Relationship with other existing or emerging documents:

None.

8. Any explicit references within that referenced document should also be listed:

Normative References

[CEL] Trusted Computing Group, "Canonical Event Log Format", Version 1.0, Revision 0.41, February 2022.
[IEEE-802-1AR] IEEE, "IEEE Standard for Local and Metropolitan Area Networks - Secure Device Identity", IEEE Std 802.1AR-2018, DOI 10.1109/IEEESTD.2018.8423794, August 2018.
[IMA] The kernel development community, "dm-ima", Linux Kernel 6.11, 15 September 2024. The latest version can be found at https://docs.kernel.org/admin-guide/device-mapper/dm-ima.html.
[PC-CLIENT-BIOS-TPM-2.0] Trusted Computing Group, "TCG PC Client Specific Platform Firmware Profile Specification", Family "2.0", Level 00, Version 1.05, Revision 23, May 2021.
[PC-CLIENT-EFI-TPM-1.2] Trusted Computing Group, "TCG EFI Platform Specification", For TPM Family 1.1 or 1.2, Version 1.22, Revision 15, January 2014.
[PC-CLIENT-RIM] Trusted Computing Group, "TCG PC Client Reference Integrity Manifest Specification", Version 1.04, November 2020.
[PLATFORM-DEVID-TPM-2.0] Trusted Computing Group, "TPM 2.0 Keys for Device Identity and Attestation", Version 1.00, Revision 12, October 2021.
[PLATFORM-ID-TPM-1.2] Trusted Computing Group, "TCG Infrastructure WG TPM Keys for Platform Identity for TPM 1.2", Specification Version 1.0, Revision 3, August 2015.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253, January 2006.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.
[RFC9334] Birkholz, H., Thaler, D., Richardson, M., Smith, N., and W. Pan, "Remote ATtestation procedureS (RATS) Architecture", RFC 9334, DOI 10.17487/RFC9334, January 2023.
[RFC9393] Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D. Waltermire, "Concise Software Identification Tags", RFC 9393, DOI 10.17487/RFC9393, June 2023.
[RFC9684] Birkholz, H., Eckel, M., Bhandari, S., Voit, E., Sulzen, B., Xia, L., Laffey, T., and G. C. Fedorkow, "A YANG Data Model for Challenge-Response-Based Remote Attestation (CHARRA) Procedures Using Trusted Platform Modules (TPMs)", RFC 9684, DOI 10.17487/RFC9684, December 2024.
[RIM] Trusted Computing Group, "TCG Reference Integrity Manifest (RIM) Information Model", Version 1.01, Revision 0.16, November 2020.
[SWID] ISO/IEC, "Information technology - IT asset management - Part 2: Software identification tag", ISO/IEC 19770-2:2015, October 2015.
[TAP] Trusted Computing Group, "TCG Trusted Attestation Protocol (TAP) Information Model for TPM Families 1.2 and 2.0 and DICE Family 1.0", Version 1.0, Revision 0.36, October 2018.

Informative References

[AIK-ENROLL] Trusted Computing Group, "TCG Infrastructure Working Group A CMC Profile for AIK Certificate Enrollment", Version 1.0, Revision 7, March 2011.
[IEEE-802.1AE] IEEE, "IEEE Standard for Local and metropolitan area networks - Media Access Control (MAC) Security", IEEE Std 802.1AE-2018, DOI 10.1109/IEEESTD.2018.8585421, 2018.
[IEEE-802.1X] IEEE, "IEEE Standard for Local and Metropolitan Area Networks - Port-Based Network Access Control", IEEE Std 802.1X-2020, DOI 10.1109/IEEESTD.2020.9018454, February 2020.
[LLDP] IEEE, "IEEE Standard for Local and metropolitan area networks - Station and Media Access Control Connectivity Discovery", IEEE Std 802.1AB-2016, DOI 10.1109/IEEESTD.2016.7433915, March 2016.
[NET-EQ] Trusted Computing Group, "TCG Guidance for Securing Network Equipment Using TCG Technology", Version 1.0, Revision 29, January 2018.
[NIST-IR-8060] Waltermire, D., Cheikes, B. A., Feldman, L., and G. Witte, "Guidelines for the Creation of Interoperable Software Identification (SWID) Tags", NIST NISTIR 8060, DOI 10.6028/NIST.IR.8060, April 2016.
[PLATFORM-CERTS] Trusted Computing Group, "TCG Platform Attribute Credential Profile", Specification Version 1.0, Revision 16, January 2018.
[PROV-TPM-2.0] Trusted Computing Group, "TCG TPM v2.0 Provisioning Guidance", Version 1.0, Revision 1.0, March 2017.
[RATS-EAT] Lundblade, L., Mandyam, G., O'Donoghue, J., and C. Wallace, "The Entity Attestation Token (EAT)", Work in Progress, Internet-Draft, draft-ietf-rats-eat-31, 6 September 2024.
[RATS-INTERACTION-MODELS] Birkholz, H., Eckel, M., Pan, W., and E. Voit, "Reference Interaction Models for Remote Attestation Procedures", Work in Progress, Internet-Draft, draft-ietf-rats-reference-interaction-models-11, 22 July 2024.
[RATS-NET-DEV-SUB] Birkholz, H., Voit, E., and W. Pan, "Attestation Event Stream Subscription", Work in Progress, Internet-Draft, draft-ietf-rats-network-device-subscription-05, 7 July 2024.
[RATS-TUDA] Fuchs, A., Birkholz, H., McDonald, I., and C. Bormann, "Time-Based Uni-Directional Attestation", Work in Progress, Internet-Draft, draft-birkholz-rats-tuda-07, 10 July 2022.
[RATS-USECASES] Richardson, M., Wallace, C., and W. Pan, "Use cases for Remote Attestation common encodings", Work in Progress, Internet-Draft, draft-richardson-rats-usecases-08, 2 November 2020.
[RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. Levkowetz, Ed., "Extensible Authentication Protocol (EAP)", RFC 3748, DOI 10.17487/RFC3748, June 2004.
[RFC6813] Salowey, J. and S. Hanna, "The Network Endpoint Assessment (NEA) Asokan Attack Analysis", RFC 6813, DOI 10.17487/RFC6813, December 2012.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016.
[RFC8572] Watsen, K., Farrer, I., and M. Abrahamsson, "Secure Zero Touch Provisioning (SZTP)", RFC 8572, DOI 10.17487/RFC8572, April 2019.
[RFC8995] Pritikin, M., Richardson, M., Eckert, T., Behringer, M., and K. Watsen, "Bootstrapping Remote Secure Key Infrastructure (BRSKI)", RFC 8995, DOI 10.17487/RFC8995, May 2021.
[RFC9525] Saint-Andre, P. and R. Salz, "Service Identity in TLS", RFC 9525, DOI 10.17487/RFC9525, November 2023.
[SP800-155] NIST, "BIOS Integrity Measurement Guidelines (Draft)", NIST SP 800-155 (Draft), December 2011.
[SP800-193] NIST, "Platform Firmware Resiliency Guidelines", NIST SP 800-193, DOI 10.6028/NIST.SP.800-193, May 2018.
[SWID-GEN] Labs64, "SoftWare IDentification (SWID) Tags Generator (Maven Plugin)".
[TCG-RT] Trusted Computing Group, "TCG Roots of Trust Specification", (Draft), Family "1.0", Level 00, Revision 0.20, July 2018.
[TPM-1.2] Trusted Computing Group, "TPM 1.2 Main Specification", Level 2, Version 1.2, Revision 116, March 2011.
[TPM-2.0] Trusted Computing Group, "Trusted Platform Module Library", Family "2.0", Level 00, Revision 01.83, March 2024.

9. Qualification of ISOC/IETF:

9.1-9.6 Decisions of ITU Council to admit ISOC to participate in the work of the Sector (June 1995 and June 1996).
9.7 The Internet Engineering Steering Group (IESG) is responsible for ongoing maintenance of the RFCs when the need arises. Comments on RFCs and corresponding changes are accommodated through the existing standardization process.
9.8 Each revision of a given RFC has a different RFC number, so no confusion is possible. All RFCs always remain available on-line. An index of RFCs and their status may be found in the IETF archives at http://www.rfc-editor.org/rfc.html.

10. Other (for any supplementary information):

None