Internet Assigned Numbers Authority Remote Attestation Procedures (RATS) Created 2024-07-26 Last Updated 2024-08-02 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registry included below • Entity Attestation Token (EAT) Intended Uses Entity Attestation Token (EAT) Intended Uses Registration Procedure(s) Expert Review Expert(s) Unassigned Reference [RFC-ietf-rats-eat-30] Available Formats [IMG] CSV Value Description Reference 0 Reserved [RFC-ietf-rats-eat-30] 1 Generic attestation describes an application where the EAT consumer requires the most up-to-date security [RFC-ietf-rats-eat-30] assessment of the attesting entity. It is expected that this is the most commonly-used application of EAT. Entities that are registering for a new service may be expected to provide an attestation as part of the 2 registration process. This "intuse" setting indicates that the attestation is not intended for any use but [RFC-ietf-rats-eat-30] registration. Entities may be provisioned with different values or settings by an EAT consumer. Examples include key material or 3 device management trees. The consumer may require an EAT to assess entity security state of the entity prior to [RFC-ietf-rats-eat-30] provisioning. Certification Authorities (CAs) may require attestation results (which in a background check model might require 4 receiving evidence to be passed to a verifier) to make decisions about the issuance of certificates. An EAT may be [RFC-ietf-rats-eat-30] used as part of the certificate signing request (CSR). An EAT consumer may require an attestation as part of an accompanying proof-of-possession (PoP) application. More 5 precisely, a PoP transaction is intended to provide to the recipient cryptographically-verifiable proof that the [RFC-ietf-rats-eat-30] sender has possession of a key. This kind of attestation may be necessary to verify the security state of the entity storing the private key used in a PoP application. 6-255 Unassigned Licensing Terms