On Thu, 25 Jul 2024 at 21:40, Mike Ounsworth <mike.ounswo...@entrust.com> wrote:
> You’d propose to put <whatever_evidence_data_format> inside CMW, inside
> WebAuthn, inside the device-attest-01 defined in Brandon’s draft? Is that
> done? I see the registry you’re referring to of registered Webauthn
> sub-formats:
> https://www.iana.org/assignments/webauthn/webauthn.xhtml
> but I don’t see CMW.
>
> Is that the intended usage of CMW; to be a sub-format of WebAuthn?

Hmm, no, that'd be pretty awkward. WebAuthn/device-attest and CMW are both wrapping formats; putting one inside the other makes little sense. Either use one or the other.

Stepping back a meter or two, I think device-attest is great at covering its specific use case, but I don't see it as a good fit for other, more generalised uses of attestation for enrolling. I have the case of CC workloads in mind. They are transient in nature, and there can be an unlimited number of them per device. In this scenario, the device-attest semantics are not suitable, and the fact that device-attest is opinionated about the supported identifiers (which I think is a good thing!) makes it fiddly to adapt to this situation.

What I’d like to have is a more generic "attest-01" method, for which we'd have carte blanche regarding the supporting framework and we are not tied to WebAuthn/device-attest.

cheers, t

_______________________________________________
Acme mailing list -- acme@ietf.org
To unsubscribe send an email to acme-le...@ietf.org