| Internet-Draft | EKU for Attestation Keys | March 2026 |
| Fiset, et al. | Expires 3 September 2026 | [Page] |
X.509 certificates ([RFC5280]) defines the Extended Key Usage (EKU) extension and specifies several key purpose identifiers (KeyPurposeIds) for use with that extension. This document defines a KeyPurposeId for the purpose of signing Evidence to provide remote attestation functions as defined in the RATS Architecture ([RFC9334]).¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 3 September 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Key purpose identifiers (KeyPurposeId) are added to the Extended Key Usage (EKU) extension of X.509 certificates to express the intent of the certified key. It is used to further define the basic purpose indicated in the key usage (KU) extension.¶
This specification introduces the KeyPurposeId id-kp-attestationKey for X.509 certificates that endorse Attestation Keys
for the purpose of validating Evidence.¶
Attesters, as defined in RATS [RFC9334], can use cryptographic private keys to identify the origin of generated Evidence and to protect its integrity. Those private keys are referred to as Attestation Keys.¶
Attestation Keys can be endorsed by a Certification Authority (CA) by issuing X.509 certificates (see [RFC5280]). Those certificates SHOULD include an extended key usage to indicate that the certified key is dedicated to the purpose of signing Evidence.¶
Verifiers responsible of validating Evidence generated by an Attester use the CA's endorsement (X.509 certificate) to support the appraisal process.¶
The KeyPurposeId id-kp-attestationKey allows the Verifier to trust that the associated key is controlled according to the
guidance proposed in this specification.¶
A Hardware Security Module (HSM) is designed to generate Evidence about itself and cryptographic keys that it hosts. For the purpose of generating Evidence, an Attestation Key is dedicated for this purpose and endorsed by the manufacturing CA.¶
The Attestation Key is not the only key endorsed by the manufacturing CA as many cryptographic signing keys are necessary to manage a HSM. As a result, there are many X.509 certificates issued to the HSM by the manufacturing CA.¶
A Verifier responsible of appraising Evidence generated by the HSM must ensure that the Attestation Key was used. Evidence signed by a different key, even if endorsed by the same manufacturing CA, can not be trusted. The key purpose introduced in this specification allows Verifiers to determine during validation if a cryptographic key was intended to be used for signing Evidence.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
Much of the terms used in this specification are borrowed from RATS ([RFC9334]). Readers of this specification should review the RATS Architecture and its terminology to put in context the text presented in this specification.¶
A key under the control of the Attester and reserved for the purpose of signing Evidence.¶
Role defined in [RFC9334] and assigned to entities responsible of generating Evidence.¶
The term Evidence respects the definition offered in [RFC9334]. Evidence is composed of claims and may include information such as configuration data, measurements and telemetry.¶
Remote ATtestation procedureS. Refers to a working group within IETF and all the documents developed under this umbrella of effort. This specification is developed to support concepts developed in RATS but more particularly refers to the RATS Architecture as introduced in [RFC9334].¶
Role defined in [RFC9334] and assigned to entities responsible of appraising the Evidence generated by an Attester.¶
This specification defines the KeyPurposeId id-kp-attestationKey. This KeyPurposeId
is reserved for endorsement of Attestation Keys. In other words, the intent of the certified key is
to be dedicated to the signing of Evidence.¶
As described in [RFC5280], the EKU extension "MAY, at the option of the certificate issuer, be either critical or non-critical". Selecting to identify the EKU extension as critical might have significant impacts on the overall system performance and this decision is left to the issuing authority.¶
Also specified in [RFC5280], "[i]f multiple purposes are indicated the application need not recognize
all purposes indicated, as long as the intended purpose is present". Since Attestation Keys should be
dedicated to the purpose of signing Evidence, this specification RECOMMENDS that EKUs with the
KeyPurposeId id-kp-attestationKey not include any other key purpose.¶
This specification RECOMMENDS that the extension Key Usage (KU) be included for the endorsement of Attestation Keys. Furthermore, if the KU extension is included, it SHOULD be set to "digital signature".¶
In [RFC9334], the Verifier is the role that appraises the Evidence produced by an
Attester. As part of the verification process, the Verifier assesses endorsements. A X.509
certificate containing the EKU id-kp-attestationKey is an endorsement of the Attester by the issuing authority.¶
A Verifier MAY reject Evidence if the X.509 certificate issued to the signing key does not contain an EKU
extension specifying the key purpose id-kp-attestationKey.¶
A Verifier MAY reject Evidence if the X.509 certificate issued to the signing key contains an EKU extension with
a key purpose other than id-kp-attestationKey.¶
A Verifier SHOULD reject Evidence if the X.509 certificate issued to the signing key contains a KU extension with a basic purpose other than "digital signature".¶
An Attestation Key SHOULD be used by an Attester only to digitally sign evidence that the Attester can observe in the target environment. The Attester SHOULD NOT use the Attestation Key for any other purpose (dedication).¶
An Attestation Key SHOULD be under the sole control of the Attester identified in the X.509 certificate. This constraint is to ensure that another entity can not impersonate the Attester (non-repudiation).¶
Attestation Keys are instantiated and operated on by cryptographic modules. These modules MUST provide the services required to accomplish the recommendations proposed in this specification.¶
The mechanisms used to perform those restrictions are out of scope for this specification.¶
[RFC5280] introduces security considerations that are applicable to this specification.
The EKU purpose id-kp-attestationKey does not introduce additional security risks.
On the other hand, the adoption of this extended key purpose mitigates specific cross-protocol attacks in
relation to use of Attestation Keys.¶
The RATS Architecture ([RFC9334]) offers many security considerations that should be reviewed by implementers of this specification.¶
For the ASN.1 module found in Appendix A, IANA is requested to assign an object identifier for the module identifier (TBD0) with a description of "id-mod-attestation-eku-2025". This should be allocated in the "SMI Security for PKIX Module Identifier" registry (1.3.6.1.5.5.7.0).¶
For the ASN.1 module found in Appendix A, IANA is requested to assign an object identifier for the extended key usage value (XX) with a description of "id-kp-attestationKey". This should be allocated in the "SMI Security for PKIX Extended Key Purpose" registry (1.3.6.1.5.5.7.3).¶
The following module adheres to ASN.1 specifications [X.680] and [X.690]. It defines the OID used for Attestation Key Extended Key Usage.¶
AttestationEKU-2025 { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-attestation-eku-2025(TBD0) }
DEFINITIONS EXPLICIT TAGS ::=
BEGIN
-- EXPORTS ALL --
-- IMPORTS NOTHING --
-- OID Arc --
id-kp OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) kp(3) }
-- Attestation Key Extended Key Usage --
id-kp-attestationKey OBJECT IDENTIFIER ::= { id-kp XX }
END
¶
TODO acknowledge.¶