Re: [webauthn] TPM attestation verification steps inconsistent with FIDO conformance testing tool (#1925)

I'm authoring the TPM2 Attestation for CSRs in IETF LAMPS. That work overlaps with this, and if we are open to adding the proposed CSR structure (which is essentially what WebAuthn is doing here -- proving to a CA that a key is "valid") as a consideration for adopting a "common" structure and method, it would be an advantage for all. That's a future discussion, however; for now I've provided some higher-level explanation of how to attest to and verify a TPM2 key in the IETF Appendix, which will provide some understanding and dispel some of the confusion above. I'm in the process of writing some sample code/scripts to demonstrate this for the IETF Hackathon. I'll post a URL to those when they are sufficiently done.

IETF LAMPS CSR: https://github.com/lamps-wg/csr-attestation/tree/main
The explanation for how to construct the material (which does provide insight into how to verify) is in this Appendix: https://github.com/lamps-wg/csr-attestation/blob/main/draft-ietf-lamps-csr-attestation.md#introduction-to-tpm2-concepts

I'll be at IETF 119; if anyone is there and wants to discuss this, let me know and we can meet up. If not, I can participate in any discussion necessary when I return.

-- 
GitHub Notification of comment by mwiseman-byid
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1925#issuecomment-1979544179 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 5 March 2024 20:08:24 UTC