Android Key Attestation <https://developer.android.com/training/articles/security-key-attestation> does this today. It is part of the Android Keystore that is usually implemented in the TEE. This feature is on Android P (maybe O too, I can’t recall for sure).
It implements some of the same functionality as EAT, but uses an X.509 certificate for syntax. All the claims are in the X.509 v3 extensions in ASN.1 format. It is very oriented around key attestation as David requested the addition of. See here <https://developer.android.com/training/articles/security-key-attestation#certificate_schema>.

LL

> On Jun 21, 2018, at 11:02 PM, Eliot Lear <l...@cisco.com> wrote:
>
> By the way, a lot *has* changed. If we can use the TEE to get signed
> information out... if *it* is the attester, that's a pretty big benefit.
> That just leaves the protocol gorp. But one needs to know that there is a
> TEE.
>
> On 21.06.18 22:04, Hannes Tschofenig wrote:
>> That’s a good question, Eliot. Let me put something together for the IETF
>> meeting
>>
>> From: Eliot Lear [mailto:l...@cisco.com]
>> Sent: 21 June 2018 20:17
>> To: Hannes Tschofenig; oauth@ietf.org
>> Cc: Laurence Lundblade; e...@ietf.org
>> Subject: Re: [OAUTH-WG] Standardizing Attestation Tokens
>>
>> Hi Hannes,
>>
>> The draft is interesting, but it looks a bit like NEA. How would this vary,
>> apart from the CoAP part and a different registry? Seems to me the real
>> magic is how the device is interrogated such that the consumer of this
>> information has confidence as to its validity. The protocol bits are the
>> easy part. If people have some understanding of that magic and are willing
>> to share, then this work becomes considerably more interesting.
>>
>> Eliot
>>
>> On 21.06.18 17:11, Hannes Tschofenig wrote:
>> Hi all,
>>
>> I would like to make you aware of work that will be discussed on attestation
>> on the EAT mailing list.
>> Here is the link to the list:
>> https://www.ietf.org/mailman/listinfo/eat
>>
>> Here is a document describing the idea:
>> https://tools.ietf.org/html/draft-mandyam-eat-00
>>
>> The work is relevant for IoT and non-IoT devices.
>>
>> Laurence and I are planning to organize a Bar BOF at the Montreal IETF
>> meeting to entertain the idea.
>>
>> Ciao
>> Hannes
>> IMPORTANT NOTICE: The contents of this email and any attachments are
>> confidential and may also be privileged. If you are not the intended
>> recipient, please notify the sender immediately and do not disclose the
>> contents to any other person, use it for any purpose, or store or copy the
>> information in any medium. Thank you.
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
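
The claims check a relying party would run on the ASN.1 extension described in the top message, as an added example that is not part of the original thread or of any Android code. It assumes the extension value has already been extracted from a certificate whose chain was validated separately; the function names and the DER sample bytes are constructed for illustration, and the field order follows the KeyDescription schema in the linked Android documentation.

```python
import hmac

SECURITY_LEVELS = {0: "Software", 1: "TrustedEnvironment", 2: "StrongBox"}
# DER tags in schema order: INTEGER, ENUMERATED, INTEGER, ENUMERATED,
# OCTET STRING, OCTET STRING, SEQUENCE, SEQUENCE.
FIELD_TAGS = [0x02, 0x0A, 0x02, 0x0A, 0x04, 0x04, 0x30, 0x30]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_key_description(der):
    """Decode the leading KeyDescription fields; both lists are left opaque."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    values, pos = [], 0
    for want in FIELD_TAGS:
        tag, value, pos = read_tlv(body, pos)
        if tag != want:
            raise ValueError(f"unexpected tag 0x{tag:02x}")
        values.append(value)
    num = lambda b: int.from_bytes(b, "big", signed=True)
    return {"attestationVersion": num(values[0]),
            "attestationSecurityLevel": SECURITY_LEVELS.get(num(values[1]), "Unknown"),
            "keymasterSecurityLevel": SECURITY_LEVELS.get(num(values[3]), "Unknown"),
            "attestationChallenge": values[4]}

def hardware_backed(der, expected_challenge):
    """True only if the challenge matches and both levels are above Software."""
    kd = parse_key_description(der)
    levels = (kd["attestationSecurityLevel"], kd["keymasterSecurityLevel"])
    return (hmac.compare_digest(kd["attestationChallenge"], expected_challenge)
            and all(lv in ("TrustedEnvironment", "StrongBox") for lv in levels))

# Constructed samples: version 3, challenge b"nonce", empty authorization lists.
SAMPLE_TEE = bytes.fromhex("3019" "020103" "0a0101" "020104" "0a0101"
                           "04056e6f6e6365" "0400" "3000" "3000")
SAMPLE_SW = SAMPLE_TEE.replace(bytes.fromhex("0a0101"), bytes.fromhex("0a0100"))
```

A software-only security level is rejected even when the challenge is correct, which is the check that tells the verifier a TEE was actually involved.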