| < draft-tschofenig-rats-psa-token-03.txt | draft-tschofenig-rats-psa-token-04.txt > | |||
|---|---|---|---|---|
| RATS H. Tschofenig, Ed. | RATS H. Tschofenig, Ed. | |||
| Internet-Draft S. Frost | Internet-Draft S. Frost | |||
| Intended status: Standards Track M. Brossard | Intended status: Standards Track M. Brossard | |||
| Expires: May 21, 2020 A. Shaw | Expires: May 23, 2020 A. Shaw | |||
| T. Fossati | T. Fossati | |||
| Arm Limited | Arm Limited | |||
| November 18, 2019 | November 20, 2019 | |||
| Arm's Platform Security Architecture (PSA) Attestation Token | Arm's Platform Security Architecture (PSA) Attestation Token | |||
| draft-tschofenig-rats-psa-token-03 | draft-tschofenig-rats-psa-token-04 | |||
| Abstract | Abstract | |||
| The insecurity of IoT systems is a widely known and discussed | The insecurity of IoT systems is a widely known and discussed | |||
| problem. The Arm Platform Security Architecture (PSA) is being | problem. The Arm Platform Security Architecture (PSA) is being | |||
| developed to address this challenge by making it easier to build | developed to address this challenge by making it easier to build | |||
| secure IoT systems. | secure IoT systems. | |||
| This document specifies token format and claims used in the | This document specifies token format and claims used in the | |||
| attestation API of the Arm Platform Security Architecture (PSA). | attestation API of the Arm Platform Security Architecture (PSA). | |||
| skipping to change at page 1, line 45 ¶ | skipping to change at page 1, line 45 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 21, 2020. | This Internet-Draft will expire on May 23, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 9, line 34 ¶ | skipping to change at page 9, line 34 ¶ | |||
| 5. Claims | 5. Claims | |||
| The token is modelled to include custom values that correspond to the | The token is modelled to include custom values that correspond to the | |||
| following claims suggested in the EAT specification: | following claims suggested in the EAT specification: | |||
| - nonce (mandatory); arm_psa_nonce is used instead | - nonce (mandatory); arm_psa_nonce is used instead | |||
| - UEID (mandatory); arm_psa_UEID is used instead | - UEID (mandatory); arm_psa_UEID is used instead | |||
| - origination (recommended); arm_psa_origination is used instead | ||||
| Later revisions of this documents might phase out those custom claims | Later revisions of this documents might phase out those custom claims | |||
| to be replaced by the EAT standard claims. | to be replaced by the EAT standard claims. | |||
| As noted, some fields must be at least 32 bytes long to provide | As noted, some fields must be at least 32 bytes long to provide | |||
| sufficient cryptographic strength. | sufficient cryptographic strength. | |||
| +-------+----------------+----------------------------+-------------+ | +-------+-------------+------------------------+--------------------+ | |||
| | Claim | Claim | Claim Name | CBOR Value | | | Claim | Claim | Claim Name | CBOR Value Type | | |||
| | Key | Description | | Type | | | Key | Description | | | | |||
| +-------+----------------+----------------------------+-------------+ | +-------+-------------+------------------------+--------------------+ | |||
| | -7500 | Profile | arm_psa_profile_id | Text string | | | -7500 | Profile | arm_psa_profile_id | Text string | | |||
| | 0 | Definition | | | | | 0 | Definition | | | | |||
| | | | | | | | | | | | | |||
| | -7500 | Client ID | arm_psa_partition_id | Unsigned | | | -7500 | Client ID | arm_psa_partition_id | Unsigned integer | | |||
| | 1 | | | integer or | | | 1 | | | or Negative | | |||
| | | | | Negative | | | | | | integer | | |||
| | | | | integer | | | | | | | | |||
| | | | | | | | -7500 | Security | arm_psa_security_lifec | Unsigned integer | | |||
| | -7500 | Security | arm_psa_security_lifecycle | Unsigned | | | 2 | Lifecycle | ycle | | | |||
| | 2 | Lifecycle | | integer | | | | | | | | |||
| | | | | | | | -7500 | Implementat | arm_psa_implementation | Byte string (>=32 | | |||
| | -7500 | Implementation | arm_psa_implementation_id | Byte string | | | 3 | ion ID | _id | bytes) | | |||
| | 3 | ID | | (>=32 | | | | | | | | |||
| | | | | bytes) | | | -7500 | Boot Seed | arm_psa_boot_seed | Byte string (>=32 | | |||
| | | | | | | | 4 | | | bytes) | | |||
| | -7500 | Boot Seed | arm_psa_boot_seed | Byte string | | | | | | | | |||
| | 4 | | | (>=32 | | | -7500 | Hardware | arm_psa_hw_version | Text string | | |||
| | | | | bytes) | | | 5 | Version | | | | |||
| | | | | | | | | | | | | |||
| | -7500 | Hardware | arm_psa_hw_version | Text string | | | -7500 | Software | arm_psa_sw_components | Array of map | | |||
| | 5 | Version | | | | | 6 | Components | | entries (compound | | |||
| | | | | | | | | | | map claim). See | | |||
| | -7500 | Software | arm_psa_sw_components | Array of | | | | | | below for allowed | | |||
| | 6 | Components | | map entries | | | | | | key-values. | | |||
| | | | | (compound | | | | | | | | |||
| | | | | map claim). | | | -7500 | No Software | arm_psa_no_sw_measurem | Unsigned integer | | |||
| | | | | See below | | | 7 | Measurement | ents | | | |||
| | | | | for allowed | | | | s | | | | |||
| | | | | key-values. | | | | | | | | |||
| | | | | | | | -7500 | Auth | arm_psa_nonce | Byte string | | |||
| | -7500 | No Software | arm_psa_no_sw_measurements | Unsigned | | | 8 | Challenge | | | | |||
| | 7 | Measurements | | integer | | | | | | | | |||
| | | | | | | | -7500 | Instance ID | arm_psa_UEID | Byte string (the | | |||
| | -7500 | Auth Challenge | arm_psa_nonce | Byte string | | | 9 | | | type byte of the | | |||
| | 8 | | | | | | | | | UEID should be set | | |||
| | | | | | | | | | | to 0x01. The type | | |||
| | -7500 | Instance ID | arm_psa_UEID | Byte string | | | | | | byte is described | | |||
| | 9 | | | | | | | | | in [I-D.ietf-rats- | | |||
| | | | | | | | | | | eat].) | | |||
| | -7501 | Verification | arm_psa_origination | Byte string | | | | | | | | |||
| | 0 | Service | | | | | -7501 | Verificatio | arm_psa_origination | Byte string | | |||
| | | Indicator | | | | | 0 | n Service | | | | |||
| +-------+----------------+----------------------------+-------------+ | | | Indicator | | | | |||
| +-------+-------------+------------------------+--------------------+ | ||||
| When using the Software Components claim each key value MUST | When using the Software Components claim each key value MUST | |||
| correspond to the following types: | correspond to the following types: | |||
| 1. Text string (type) | 1. Text string (type) | |||
| 2. Byte string (measurement, >=32 bytes) | 2. Byte string (measurement, >=32 bytes) | |||
| 3. Reserved | 3. Reserved | |||
| 4. Text string (version) | 4. Text string (version) | |||
| End of changes. 6 change blocks. | ||||
| 53 lines changed or deleted | 52 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
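
Review bot: The -04 side of the Section 5 claim list drops the bullet "origination (recommended); arm_psa_origination is used instead", but the -04 claims table still defines key -75010 (Verification Service Indicator, arm_psa_origination). Either keep the bullet or add a sentence saying how arm_psa_origination now relates to the EAT origination claim, so the list and the table agree on which custom claims stand in for EAT claims. The unchanged sentence "Later revisions of this documents" could be corrected to "this document" in the same pass.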
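
Review bot: In the -04 claims table, the new arm_psa_UEID text says the type byte "should be set to 0x01" in lower case, while the Software Components paragraph directly after the table uses "MUST". If a verifier is expected to check the type byte, use an upper-case requirement keyword and state it in prose rather than inside the CBOR Value Type cell. The narrower Claim Name column in -04 also splits identifiers across rows ("arm_psa_security_lifec" / "ycle", "arm_psa_implementation" / "_id", "arm_psa_no_sw_measurem" / "ents"), which breaks text search and copy-paste of claim names; the -03 column widths kept each name on one line.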