Session Date/Time: 06 Nov 2024 13:00
acme
Summary
This meeting covered the status of several ACME-related drafts, a new proposal for public key challenges, and a discussion on ACME-based attestation using RATS. Key topics included document progress in the RFC editor queue, proposed naming changes, and the exploration of attestation beyond WebAuthn.
Key Discussion Points
- ACME Integrations RFC: Remains in the RFC editor queue, awaiting dependencies.
- ACME DTN node ID: Awaiting updates from the DTN working group. A short working group last call will be initiated after a minor naming update is made.
- Estonion: Publication requested and is with Deb.
- ACME IRA: Publication requested, with some clarifications being discussed.
- Public Key Challenge: A new draft proposing a new ACME challenge type to track public key information throughout the ACME process to prevent public key replacement attacks.
- ACME RATS: Discussion of a more generic attestation mechanism for ACME, extending beyond WebAuthn to cover a wider range of attestation scenarios, particularly related to device management and security posture. Use cases discussed involved obtaining S/MIME certificates based on corporate MDM enrollment. The discussion differentiated authorization (proving ownership) from attestation (proving platform characteristics).
Decisions and Action Items
- ACME DTN node ID: The chairs will initiate a short working group last call for the draft after the author updates it with the agreed-upon naming change.
- Public Key Challenge: The authors will send a message to the mailing list reminding people to read the draft and provide feedback.
- ACME RATS: The authors (Michael Hutchinson, Peter Campbell, and Thomas Fossati) will work on a draft for a generic attestation mechanism based on RATS.
Next Steps
- Authors to update and resubmit drafts as needed.
- Working group last call to be initiated for ACME DTN node ID.
- Authors to collaborate on an initial draft for ACME RATS.
- Participants to review the "Public Key Challenge" draft and provide feedback on the mailing list.