Script updating gh-pages from 61b961d. [ci skip]
ID Bot committed Jan 30, 2025
1 parent 032d3a0 commit 53e857e
Showing 2 changed files with 5 additions and 5 deletions.
3 changes: 2 additions & 1 deletion passport/draft-ietf-lamps-csr-attestation.html
Expand Up @@ -1349,7 +1349,8 @@ <h2 id="name-introduction">
As remote attestation technology matures, it is natural for a Certification Authority to want proof that the requesting entity is in a state that matches the certificate profile.
At the time of writing, the most notable example is the Code-Signing Baseline Requirements (CSBR) document maintained by the CA/Browser Forum <span>[<a href="#CSBR" class="cite xref">CSBR</a>]</span>, which requires compliant CAs to "ensure that a Subscriber’s Private Key is generated, stored,
and used in a secure environment that has controls to prevent theft or misuse", which is a natural fit to enforce via remote attestation.<a href="#section-1-2" class="pilcrow"></a></p>
<p id="section-1-3">This specification defines an attribute and an extension that allow for conveyance of Evidence and Attestation Results in Certificate Signing Requests (CSRs), such as PKCS#10 <span>[<a href="#RFC2986" class="cite xref">RFC2986</a>]</span> or Certificate Request Message Format (CRMF) <span>[<a href="#RFC4211" class="cite xref">RFC4211</a>]</span> payloads. This provides an elegant and automatable mechanism for transporting Evidence and Attestation Results to a Certification Authority, whilemeeting requirements such as those outlined in the CA/B Forum's CSBR <span>[<a href="#CSBR" class="cite xref">CSBR</a>]</span>.<a href="#section-1-3" class="pilcrow"></a></p>
<p id="section-1-3">This specification defines an attribute and an extension that allow for conveyance of Evidence and Attestation Results in Certificate Signing Requests (CSRs), such as PKCS#10 <span>[<a href="#RFC2986" class="cite xref">RFC2986</a>]</span> or Certificate Request Message Format (CRMF) <span>[<a href="#RFC4211" class="cite xref">RFC4211</a>]</span> payloads.
This CSR extension satisfies CA/B Forum's CSBR <span>[<a href="#CSBR" class="cite xref">CSBR</a>]</span> requirements for key protection assurance.<a href="#section-1-3" class="pilcrow"></a></p>
<p id="section-1-4">As outlined in the IETF RATS architecture <span>[<a href="#RFC9334" class="cite xref">RFC9334</a>]</span>, an Attester (typically a device) produces a signed collection of Claims that constitute Evidence about its running environment(s). The term "attestation" is not explicitly defined in RFC 9334 but was later clarified in <span>[<a href="#I-D.ietf-rats-tpm-based-network-device-attest" class="cite xref">I-D.ietf-rats-tpm-based-network-device-attest</a>]</span>. It refers to the process of generating and evaluating remote attestation Evidence.<a href="#section-1-4" class="pilcrow"></a></p>
<p id="section-1-5">After the Verifier appraises the Evidence, it generates a new structure called the Attestation Result. A Relying Party utilizes these Attestation Result to make policy decisions regarding the trustworthiness of the Attester's Target Environment. <a href="#architecture" class="auto internal xref">Section 3</a> serves as the foundation to demonstrate in this document how the various roles within the RATS architecture correspond to a certificate requester and a CA/RA.<a href="#section-1-5" class="pilcrow"></a></p>
<p id="section-1-6">The IETF RATS architecture defines two communication patterns: the background check model and the passport model. In the background check model, the Relying Party receives Evidence in the CSR from the Attester and must interact with the Verifier to obtain the Attestation Result. In contrast, the passport model requires the Attester to first interact with the Verifier to obtain the Attestation Result before engaging with the Relying Party. This specification supports both communication patterns.<a href="#section-1-6" class="pilcrow"></a></p>
7 changes: 3 additions & 4 deletions passport/draft-ietf-lamps-csr-attestation.txt
Expand Up @@ -159,10 +159,9 @@ Table of Contents
This specification defines an attribute and an extension that allow
for conveyance of Evidence and Attestation Results in Certificate
Signing Requests (CSRs), such as PKCS#10 [RFC2986] or Certificate
Request Message Format (CRMF) [RFC4211] payloads. This provides an
elegant and automatable mechanism for transporting Evidence and
Attestation Results to a Certification Authority, whilemeeting
requirements such as those outlined in the CA/B Forum's CSBR [CSBR].
Request Message Format (CRMF) [RFC4211] payloads. This CSR extension
satisfies CA/B Forum's CSBR [CSBR] requirements for key protection
assurance.

As outlined in the IETF RATS architecture [RFC9334], an Attester
(typically a device) produces a signed collection of Claims that
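Review bot: The added text ("This CSR extension satisfies ...") is inconsistent with the preceding sentence in the same paragraph, which says the specification defines "an attribute and an extension" (a PKCS#10 attribute and a CRMF extension). Referring to only "this CSR extension" drops the PKCS#10 attribute case; suggest "This attribute and extension" or "This mechanism" so the claim covers both conveyance forms. The same overclaim about satisfying CSBR requirements noted on the HTML rendering applies here, since this .txt output is generated from the same source.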