First round of edits against #80

lamps-wg · Jan 24, 2024 · 371fd6b · 371fd6b
1 parent f264430
commit 371fd6b
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/draft-ietf-lamps-csr-attestation.md b/draft-ietf-lamps-csr-attestation.md
@@ -118,10 +118,7 @@ The certificates typically contain one or more certification paths
 rooted in a device manufacture trust anchor and the leaf certificate being
 on the device in question; the latter is the Attestation Key that signs the Evidence statement.
 
-This document specifies two ATTRIBUTE/Attribute definitions. The first
-Attribute may be used to carry a set of certificates or public keys that
-may be required to validate signed Evidence. The second Attribute carries a
-structure that may be used to convey Evidence.
+This document specifies a CSR Attribute (or Extension for CRMF CSRs) for carrying evidence. An evidence statement in an existing format can be placed into an EvidenceStatement along with an OID to identify its type and optionally a hint to the Relying Party about how to verify it. A set of EvidenceStatements may be grouped together along with the set of CertificateAlternatives needed to validate them to form a EvidenceBundle. One or more EvidenceBundles may be placed into the id-aa-evidenceStatement CSR Attribute (or CFRM Extension).
 
 A CSR may contain one or more Evidence payloads, for example Evidence
 asserting the storage properties of a private key as well Evidence
@@ -130,8 +127,9 @@ of the device, or Evidence signed using different cryptographic
 algorithms.
 
 With these attributes, additional
-information about whether to issue a certificate and what information
-to populate into the certificate is available to an RA or CA. The scope of this document is, however,
+information information is available to an RA or CA which may be used
+to decide whether to issue a certificate and what certificate profile
+to apply. The scope of this document is, however,
 limited to the conveyance of Evidence within CSR. The exact format of the
 Evidence being conveyed is defined in various standard and proprietary
 specifications.
@@ -196,7 +194,7 @@ or physically separated from the core CA functionality.
  .------------.               .----|----------.
  |            +-------------->|----'          | Compare Attestation
  |  Attester  |   Evidence    | Relying       | Result against
- |            |   in CSR      | Party (RA/CA) | policy
+ |   (HSM)    |   in CSR      | Party (RA/CA) | policy
  '------------'               '---------------'
 ~~~
 {: #fig-arch title="Architecture with Background Check Model."}