**Session Date/Time:** 06 Nov 2024 13:00 # acme ## Summary This meeting covered the status of several ACME-related drafts, a new proposal for public key challenges, and a discussion on ACME-based attestation using RATS. Key topics included document progress in the RFC editor queue, proposed naming changes, and the exploration of attestation beyond WebAuthn. ## Key Discussion Points * **ACME Integrations RFC:** Remains in the RFC editor queue, awaiting dependencies. * **ACME DTN node ID:** Awaiting updates from the DTN working group. A short working group last call will be initiated after a minor naming update is made. * **Estonion:** Publication requested and is with Deb. * **Acme IRA:** Publication requested with some clarifications being discussed. * **Public Key Challenge:** A new draft proposing a new ACME challenge type to track public key information throughout the ACME process to prevent public key replacement attacks. * **ACME RATS:** Discussion of a more generic attestation mechanism for ACME, extending beyond WebAuthn to cover a wider range of attestation scenarios, particularly related to device management and security posture. Use cases discussed involved obtaining S-MIME certificates based on corporate MDM enrollment. Differentiated authorization (proving ownership) from attestation (proving platform characteristics). ## Decisions and Action Items * **ACME DTN node ID:** The chairs will initiate a short working group last call for the draft after the author updates it with the agreed-upon naming change. * **Public Key Challenge:** The authors will send a message to the mailing list reminding people to read the draft and provide feedback. * **ACME RATS:** The authors (Michael Hutchinson, Peter Campbell, and Thomas Fossati) will work on a draft for a generic attestation mechanism based on RATS. ## Next Steps * Authors to update and resubmit drafts as needed. * Working group last call to be initiated for ACME DTN node ID. * Authors to collaborate on an initial draft for ACME RATS. * Participants to review the "Public Key Challenge" draft and provide feedback on the mailing list.