| rfc9683v3.txt | rfc9683.txt | |||
|---|---|---|---|---|
| skipping to change at line 150 ¶ | skipping to change at line 150 ¶ | |||
| Additionally, this document defines the following term: | Additionally, this document defines the following term: | |||
| Attestation: The process of generating, conveying, and appraising | Attestation: The process of generating, conveying, and appraising | |||
| claims, backed by evidence, about device trustworthiness | claims, backed by evidence, about device trustworthiness | |||
| characteristics, including supply chain trust, identity, device | characteristics, including supply chain trust, identity, device | |||
| provenance, software configuration, device composition, compliance | provenance, software configuration, device composition, compliance | |||
| to test suites, functional and assurance evaluations, etc. | to test suites, functional and assurance evaluations, etc. | |||
| The goal of attestation is simply to assure an administrator or | The goal of attestation is simply to assure an administrator or | |||
| auditor that the device's configuration and software are authentic | auditor that the device's configuration and software were authentic | |||
| and has been unaltered since the device started. The determination | and unmodified when the device started. The determination of | |||
| of software authenticity is not prescribed in this document, but it's | software authenticity is not prescribed in this document, but it's | |||
| typically taken to mean a software image generated by an authority | typically taken to mean a software image generated by an authority | |||
| trusted by the administrator, such as the device manufacturer. | trusted by the administrator, such as the device manufacturer. | |||
| Within the context of the Trusted Computing Group (TCG), the scope of | Within the context of the Trusted Computing Group (TCG), the scope of | |||
| attestation is typically narrowed to describe the process by which an | attestation is typically narrowed to describe the process by which an | |||
| independent Verifier can obtain cryptographic proof as to the | independent Verifier can obtain cryptographic proof as to the | |||
| identity of the device in question, evidence of the integrity of the | identity of the device in question, evidence of the integrity of the | |||
| device's software that was loaded upon startup, and verification that | device's software that was loaded upon startup, and verification that | |||
| the current configuration matches the intended configuration. For | the current configuration matches the intended configuration. For | |||
| network equipment, a Verifier capability can be embedded in a Network | network equipment, a Verifier capability can be embedded in a Network | |||
| skipping to change at line 1473 ¶ | skipping to change at line 1473 ¶ | |||
| Version 1.0, Revision 0.41, February 2022, | Version 1.0, Revision 0.41, February 2022, | |||
| <https://trustedcomputinggroup.org/wp-content/uploads/ | <https://trustedcomputinggroup.org/wp-content/uploads/ | |||
| TCG_IWG_CEL_v1_r0p41_pub.pdf>. | TCG_IWG_CEL_v1_r0p41_pub.pdf>. | |||
| [IEEE-802-1AR] | [IEEE-802-1AR] | |||
| IEEE, "IEEE Standard for Local and Metropolitan Area | IEEE, "IEEE Standard for Local and Metropolitan Area | |||
| Networks - Secure Device Identity", IEEE Std 802.1AR-2018, | Networks - Secure Device Identity", IEEE Std 802.1AR-2018, | |||
| DOI 10.1109/IEEESTD.2018.8423794, August 2018, | DOI 10.1109/IEEESTD.2018.8423794, August 2018, | |||
| <https://doi.org/10.1109/IEEESTD.2018.8423794>. | <https://doi.org/10.1109/IEEESTD.2018.8423794>. | |||
| [IMA] "Integrity Measurement Architecture (IMA) Wiki", February | [IMA] The kernel development community, "dm-ima", Linux Kernel | |||
| 2018, <https://sourceforge.net/p/linux-ima/wiki/ | 6.11, 15 September 2024, | |||
| Home/?version=31>. | <https://www.kernel.org/doc/html/v6.11/admin-guide/device- | |||
| mapper/dm-ima.html>. The latest version can be found at | ||||
| https://docs.kernel.org/admin-guide/device-mapper/dm- | ||||
| ima.html. | ||||
| [PC-CLIENT-BIOS-TPM-2.0] | [PC-CLIENT-BIOS-TPM-2.0] | |||
| Trusted Computing Group, "TCG PC Client Specific Platform | Trusted Computing Group, "TCG PC Client Specific Platform | |||
| Firmware Profile Specification", Family "2.0", Level 00, | Firmware Profile Specification", Family "2.0", Level 00, | |||
| Version 1.05, Revision 23, May 2021, | Version 1.05, Revision 23, May 2021, | |||
| <https://trustedcomputinggroup.org/resource/pc-client- | <https://trustedcomputinggroup.org/resource/pc-client- | |||
| specific-platform-firmware-profile-specification/>. | specific-platform-firmware-profile-specification/>. | |||
| [PC-CLIENT-EFI-TPM-1.2] | [PC-CLIENT-EFI-TPM-1.2] | |||
| Trusted Computing Group, "TCG EFI Platform Specification", | Trusted Computing Group, "TCG EFI Platform Specification", | |||
| skipping to change at line 1985 ¶ | skipping to change at line 1988 ¶ | |||
| Acknowledgements | Acknowledgements | |||
| The authors wish to thank numerous reviewers for generous assistance, | The authors wish to thank numerous reviewers for generous assistance, | |||
| including William Bellingrath, Mark Baushke, Ned Smith, Henk | including William Bellingrath, Mark Baushke, Ned Smith, Henk | |||
| Birkholz, Tom Laffey, Dave Thaler, Wei Pan, Michael Eckel, Thomas | Birkholz, Tom Laffey, Dave Thaler, Wei Pan, Michael Eckel, Thomas | |||
| Hardjono, Bill Sulzen, Willard (Monty) Wiseman, Kathleen Moriarty, | Hardjono, Bill Sulzen, Willard (Monty) Wiseman, Kathleen Moriarty, | |||
| Nancy Cam-Winget, and Shwetha Bhandari. | Nancy Cam-Winget, and Shwetha Bhandari. | |||
| Authors' Addresses | Authors' Addresses | |||
| Guy Fedorkow (editor) | Guy C. Fedorkow (editor) | |||
| Juniper Networks, Inc. | Juniper Networks, Inc. | |||
| 10 Technology Park Drive | 10 Technology Park Drive | |||
| Westford, Massachusetts 01886 | Westford, Massachusetts 01886 | |||
| United States of America | United States of America | |||
| Email: gfedorkow@juniper.net | Email: gfedorkow@juniper.net | |||
| Eric Voit | Eric Voit | |||
| Cisco Systems | Cisco Systems | |||
| Email: evoit@cisco.com | Email: evoit@cisco.com | |||
| End of changes. 3 change blocks. | ||||
| 7 lines changed or deleted | 10 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||