<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-fossati-seat-expat-03" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Application Layer Attestation">Remote Attestation with Exported Authenticators</title>
    <seriesInfo name="Internet-Draft" value="draft-fossati-seat-expat-03"/>
    <author initials="M. U." surname="Sardar" fullname="Muhammad Usama Sardar">
      <organization>TU Dresden</organization>
      <address>
        <email>muhammad_usama.sardar@tu-dresden.de</email>
      </address>
    </author>
    <author initials="T." surname="Fossati" fullname="Thomas Fossati">
      <organization>Linaro</organization>
      <address>
        <email>thomas.fossati@linaro.org</email>
      </address>
    </author>
    <author fullname="Tirumaleswar Reddy">
      <organization>Nokia</organization>
      <address>
        <postal>
          <city>Bangalore</city>
          <region>Karnataka</region>
          <country>India</country>
        </postal>
        <email>k.tirumaleswar_reddy@nokia.com</email>
      </address>
    </author>
    <author initials="Y." surname="Sheffer" fullname="Yaron Sheffer">
      <organization>Intuit</organization>
      <address>
        <email>yaronf.ietf@gmail.com</email>
      </address>
    </author>
    <author fullname="Hannes Tschofenig">
      <organization abbrev="UniBw M.">University of the Bundeswehr Munich</organization>
      <address>
        <postal>
          <city>Neubiberg</city>
          <region>Bavaria</region>
          <code>85577</code>
          <country>Germany</country>
        </postal>
        <email>hannes.tschofenig@gmx.net</email>
      </address>
    </author>
    <author initials="I." surname="Mihalcea" fullname="Ionut Mihalcea">
      <organization>Arm Limited</organization>
      <address>
        <email>ionut.mihalcea@arm.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="04"/>
    <area>Security</area>
    <workgroup>SEAT Working Group</workgroup>
    <keyword>Attestation</keyword>
    <keyword>TLS</keyword>
    <keyword>Exported Authenticators</keyword>
    <abstract>
      <?line 97?>

<t>This specification defines a method for two parties in a communication interaction to exchange Evidence and Attestation Results using exported authenticators, as defined in <xref target="RFC9261"/>. Additionally, it introduces the <tt>cmw_attestation</tt> extension, which allows attestation credentials to be included directly in the Certificate message sent during the Exported Authenticator-based post-handshake authentication. The approach supports both the passport and background check models from the RATS architecture while ensuring that attestation remains bound to the underlying communication channel.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://tls-attestation.github.io/exported-attestation/draft-fossati-seat-expat.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-fossati-seat-expat/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        SEAT Working Group mailing list (<eref target="mailto:seat@ietf.org"/>),
        which is archived at <eref target="https://datatracker.ietf.org/wg/seat/about/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/seat/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/tls-attestation/exported-attestation"/>.</t>
    </note>
  </front>
  <middle>
    <?line 102?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>There is a growing need to demonstrate to a remote party that cryptographic keys are stored in a secure element, the device is in a known good state, secure boot has been enabled, and that low-level software and firmware have not been tampered with. Remote attestation provides this capability.</t>
      <t>More technically, an Attester produces a signed collection of Claims that constitute Evidence about its running environment(s). A Relying Party may consult an Attestation Result produced by a Verifier that has appraised the Evidence to make policy decisions regarding the trustworthiness of the Target Environment being assessed. This is, in essence, what <xref target="RFC9334"/> defines.</t>
      <t>At the time of writing, several standard and proprietary remote attestation technologies are in use. This specification aims to remain as technology-agnostic as possible concerning implemented remote attestation technologies. To streamline attestation in TLS, this document introduces the cmw_attestation extension, which allows attestation credentials to be conveyed directly in the Certificate message during the Exported Authenticator-based post-handshake authentication. This eliminates reliance on real-time certificate issuance from a Certificate Authority (CA), reducing handshake delays while ensuring Evidence remains bound to the TLS connection. The extension supports both the passport and background check models from the RATS architecture, enhancing flexibility for different deployment scenarios.</t>
      <t>This document builds upon three foundational specifications:</t>
      <ul spacing="normal">
        <li>
          <t>RATS (Remote Attestation Procedures) Architecture <xref target="RFC9334"/>: It defines how remote attestation systems establish trust between parties by exchanging Evidence and Attestation Results. These interactions can follow different models, such as the passport or the background check model, depending on the order of data flow in the system.</t>
        </li>
        <li>
          <t>TLS Exported Authenticators <xref target="RFC9261"/>: It offers bi-directional post-handshake authentication. Once a TLS connection is established, both peers can send an authenticator request message at any point after the handshake. This message from the server and the client uses the CertificateRequest and the ClientCertificateRequest messages, respectively. The peer receiving the authenticator request message can respond with an Authenticator consisting of Certificate, CertificateVerify, and Finished messages. These messages can then be validated by the other peer.</t>
        </li>
        <li>
          <t>RATS Conceptual Messages Wrapper (CMW) <xref target="I-D.ietf-rats-msg-wrap"/>: CMW provides a structured encapsulation of Evidence and Attestation Result, abstracting the underlying attestation technology.</t>
        </li>
      </ul>
      <t>This specification introduces the cmw_attestation extension, enabling Evidence to be included directly in the Certificate message during the Exported Authenticator-based post-handshake authentication defined in <xref target="RFC9261"/>.</t>
    </section>
    <section anchor="terminology">
      <name>Terminology</name>
      <t>The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals as shown here.</t>
      <t>The reader is assumed to be familiar with the vocabulary and concepts defined in <xref target="RFC9334"/> and <xref target="RFC9261"/>.</t>
      <t>"Remote attestation credentials", or "attestation credentials", is used to refer to both Evidence and attestation results, when no distinction needs to be made between them.</t>
    </section>
    <section anchor="cmwattestation-extension-to-the-authenticators-certificate-message">
      <name>cmw_attestation Extension to the Authenticator's Certificate message</name>
      <t>This document introduces a new extension, called <tt>cmw_attestation</tt>, to the Authenticator's Certificate message.
This extension allows Evidence or Attestation Results to be included in the extensions field of the end-entity certificate in the Authenticator's Certificate message.</t>
      <t>As defined in <xref section="4.4.2" sectionFormat="of" target="I-D.ietf-tls-rfc8446bis"/>, the TLS Certificate message consists of a certificate_list, which is a sequence of CertificateEntry structures. Each CertificateEntry contains a certificate and a set of associated extensions. The cmw_attestation extension MUST appear only in the first CertificateEntry of the Certificate message and applies exclusively to the end-entity certificate. It MUST NOT be included in entries corresponding to intermediate or trust anchor certificates. This design ensures that attestation information is tightly bound to the entity being authenticated.</t>
      <t>The cmw_attestation extension is only included in the Certificate message during Exported Authenticator-based post-handshake authentication. This ensures that the attestation credentials are conveyed within the Certificate message, eliminating the need for modifications to the X.509 certificate structure.</t>
      <artwork><![CDATA[
struct {
    opaque cmw_data<1..2^16-1>;
} CMWAttestation;
]]></artwork>
      <t>cmw_data: Encapsulates the attestation credentials in CMW format <xref target="I-D.ietf-rats-msg-wrap"/>. The cmw_data field is encoded using CBOR or JSON.</t>
      <t>This approach eliminates the need for real-time certificate issuance from a Certificate Authority (CA) and minimizes handshake delays. Typically, CAs require several seconds to minutes to issue a certificate due to verification steps such as validating subject identity, signing the certificate, and distributing it. These delays introduce latency into the TLS handshake, making real-time certificate generation impractical. The cmw_attestation extension circumvents this issue by embedding attestation data within the Certificate message itself, removing reliance on external certificate issuance processes.</t>
      <section anchor="negotiation">
        <name>Negotiation of the cmw_attestation Extension</name>
        <t>Negotiation of support cmw_attestation extension follows the model defined in <xref section="5.2" sectionFormat="of" target="RFC9261"/>.</t>
        <t>Endpoints that wish to receive attestation credentials using Exported Authenticators MUST indicate support by including an empty cmw_attestation extension in the CertificateRequest or ClientCertificateRequest message.
The presence of this empty extension indicates that the requester understands this specification and is willing to process an attestation credential in the peer's Certificate message.</t>
        <t>An endpoint that supports this extension and receives a request containing it MAY include the cmw_attestation extension in its Certificate message, populated with attestation data. If the <tt>cmw_attestation</tt> extension appears in a Certificate message without it having been previously offered in the corresponding request, the receiver MUST abort the authenticator verification with an "unsupported_extension" alert. As specified in <xref section="9.3" sectionFormat="of" target="I-D.ietf-tls-rfc8446bis"/>, endpoints that do not recognize the cmw_attestation extension in a CertificateRequest or
ClientCertificateRequest MUST ignore it and continue processing the message as if the extension were absent.</t>
      </section>
      <section anchor="usage-in-exported-authenticator-based-post-handshake-authentication">
        <name>Usage in Exported Authenticator-based Post-Handshake Authentication</name>
        <t>The <tt>cmw_attestation</tt> extension is designed to be used exclusively in Exported Authenticator-based post-handshake authentication as defined in <xref target="RFC9261"/>. It allows attestation credentials to be transmitted in the Authenticator's Certificate message only in response to an Authenticator Request. This ensures that attestation credentials are provided on demand rather than being included in the initial TLS handshake.</t>
        <t>To maintain a cryptographic binding between the Evidence and the authentication request, the <tt>cmw_attestation</tt> extension MUST be associated with the <tt>certificate_request_context</tt> of the corresponding CertificateRequest or ClientCertificateRequest message (from the Server or Client, respectively). This association ensures that the Evidence is specific to the authentication event.</t>
      </section>
      <section anchor="ensuring-compatibility-with-x509-certificate-validation">
        <name>Ensuring Compatibility with X.509 Certificate Validation</name>
        <t>The <tt>cmw_attestation</tt> extension does not modify or replace X.509 certificate validation mechanisms. It serves as an additional source of authentication data rather than altering the trust model of PKI-based authentication. Specifically:</t>
        <ul spacing="normal">
          <li>
            <t>Certificate validation (e.g., signature verification, revocation checks) MUST still be performed according to TLS <xref target="I-D.ietf-tls-rfc8446bis"/> and PKIX <xref target="RFC5280"/>.</t>
          </li>
          <li>
            <t>The attestation credentials carried in <tt>cmw_attestation</tt> MUST NOT be used as a substitute for X.509 certificate validation but can be used alongside standard certificate validation for additional security assurances.</t>
          </li>
          <li>
            <t>Implementations MAY reject connections where the certificate is valid but the attestation credentials is missing or does not meet security policy.</t>
          </li>
        </ul>
      </section>
      <section anchor="applicability-to-client-and-server-authentication">
        <name>Applicability to Client and Server Authentication</name>
        <t>The <tt>cmw_attestation</tt> extension is applicable to both client and server authentication in Exported Authenticator-based post-handshake authentication.</t>
        <t>In TLS, one party acts as the Relying Party, and the other party acts as the Attester. Either the client or the server may fulfill these roles depending on the authentication direction.</t>
        <t>The Attester may respond with either:</t>
        <ul spacing="normal">
          <li>
            <t>Evidence (Background Check Model):
            </t>
            <ul spacing="normal">
              <li>
                <t>The Attester generates Evidence and includes it in the <tt>cmw_attestation</tt> extension to the Authenticator's Certificate message.</t>
              </li>
              <li>
                <t>The Relying Party forwards the Evidence to an external Verifier for evaluation and waits for an Attestation Result.</t>
              </li>
              <li>
                <t>The Relying Party grants or denies access, or continues or terminates the TLS connection, based on the Verifier's Attestation Result.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Attestation Result (Passport Model):
            </t>
            <ul spacing="normal">
              <li>
                <t>The Attester sends Evidence to a Verifier beforehand.</t>
              </li>
              <li>
                <t>The Verifier issues an Attestation Result to the Attester.</t>
              </li>
              <li>
                <t>The Attester includes the Attestation Result in the <tt>cmw_attestation</tt> extension to the Authenticator's Certificate message and sends it to the Relying Party.</t>
              </li>
              <li>
                <t>The Relying Party validates the Attestation Result directly without needing to contact an external Verifier.</t>
              </li>
            </ul>
          </li>
        </ul>
        <t>By allowing both Evidence and Attestation Results to be conveyed within <tt>cmw_attestation</tt>, this mechanism supports flexible attestation workflows depending on the chosen trust model.</t>
      </section>
    </section>
    <section anchor="architecture">
      <name>Architecture</name>
      <t>The <tt>cmw_attestation</tt> extension enables attestation credentials to be included in the Certificate message during Exported Authenticator-based post-handshake authentication, ensuring that attestation remains bound to the TLS connection.</t>
      <t>However, applications using this mechanism still need to negotiate the encoding format (e.g., JOSE or COSE) and specify how attestation credentials are processed. This negotiation can be done via application-layer signaling or predefined profiles. Future specifications may define mechanisms to streamline this negotiation.</t>
      <t>Upon receipt of a Certificate message containing the <tt>cmw_attestation</tt> extension, an endpoint MUST take the following steps to validate the attestation credentials:</t>
      <ul spacing="normal">
        <li>
          <t>Background Check Model:
          </t>
          <ul spacing="normal">
            <li>
              <t>Verify Integrity and Authenticity: The Evidence must be cryptographically verified against a known trust anchor, typically provided by the hardware manufacturer.</t>
            </li>
            <li>
              <t>Verify Certificate Request Binding and Freshness: The Evidence must be bound to the active TLS connection by verifying that the exporter value in the Evidence matches the exporter value computed using the label "Attestation Binding" and the certificate_request_context as the exporter context. This verification ensures correct connection binding, provides freshness, and prevents replay.</t>
            </li>
            <li>
              <t>Evaluate Security Policy Compliance: The Evidence must be evaluated against the Relying Party's security policies to determine if the attesting device and the private key storage meet the required criteria.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>Passport Model:
          </t>
          <ul spacing="normal">
            <li>
              <t>Verify the Attestation Result: The Relying Party MUST check that the Attestation Result is correctly signed by the issuing authority and that it meets the Relying Party’s security requirements.</t>
            </li>
          </ul>
        </li>
      </ul>
      <t>By integrating <tt>cmw_attestation</tt> directly into the Certificate message during Exported Authenticator-based post-handshake authentication, this approach reduces latency and complexity while maintaining strong security guarantees.</t>
      <t>In the following examples, the server possesses an identity certificate, while the client is not authenticated during the initial TLS exchange.</t>
      <section anchor="client-as-attester">
        <name>Client as Attester</name>
        <section anchor="passport-model">
          <name>Passport Model</name>
          <t><xref target="fig-passport"/> shows the passport model.</t>
          <figure anchor="fig-passport">
            <name>Passport Model with Client as Attester</name>
            <artset>
              <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="384" width="472" viewBox="0 0 472 384" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 24,48 L 24,368" fill="none" stroke="black"/>
                  <path d="M 224,48 L 224,208" fill="none" stroke="black"/>
                  <path d="M 224,280 L 224,368" fill="none" stroke="black"/>
                  <path d="M 432,48 L 432,368" fill="none" stroke="black"/>
                  <path d="M 32,96 L 216,96" fill="none" stroke="black"/>
                  <path d="M 32,192 L 216,192" fill="none" stroke="black"/>
                  <path d="M 32,240 L 424,240" fill="none" stroke="black"/>
                  <path d="M 32,272 L 424,272" fill="none" stroke="black"/>
                  <path d="M 32,368 L 216,368" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="432,240 420,234.4 420,245.6" fill="black" transform="rotate(0,424,240)"/>
                  <polygon class="arrowhead" points="224,368 212,362.4 212,373.6" fill="black" transform="rotate(0,216,368)"/>
                  <polygon class="arrowhead" points="224,96 212,90.4 212,101.6" fill="black" transform="rotate(0,216,96)"/>
                  <polygon class="arrowhead" points="40,272 28,266.4 28,277.6" fill="black" transform="rotate(180,32,272)"/>
                  <polygon class="arrowhead" points="40,192 28,186.4 28,197.6" fill="black" transform="rotate(180,32,192)"/>
                  <polygon class="arrowhead" points="40,96 28,90.4 28,101.6" fill="black" transform="rotate(180,32,96)"/>
                  <g class="text">
                    <text x="28" y="36">Client</text>
                    <text x="228" y="36">Server</text>
                    <text x="436" y="36">Verifier</text>
                    <text x="72" y="68">Regular</text>
                    <text x="120" y="68">TLS</text>
                    <text x="176" y="68">Handshake</text>
                    <text x="108" y="84">(Server-only</text>
                    <text x="184" y="84">auth)</text>
                    <text x="56" y="132">...</text>
                    <text x="92" y="132">time</text>
                    <text x="140" y="132">passes</text>
                    <text x="184" y="132">...</text>
                    <text x="88" y="164">Authenticator</text>
                    <text x="176" y="164">Request</text>
                    <text x="116" y="180">(CertificateReq)</text>
                    <text x="192" y="228">Sends</text>
                    <text x="252" y="228">Evidence</text>
                    <text x="180" y="260">Gets</text>
                    <text x="248" y="260">Attestation</text>
                    <text x="324" y="260">result</text>
                    <text x="68" y="292">Exported</text>
                    <text x="164" y="292">Authenticator(</text>
                    <text x="80" y="308">Certificate</text>
                    <text x="148" y="308">with</text>
                    <text x="100" y="324">cmw_attestation,</text>
                    <text x="108" y="340">CertificateVerify,</text>
                    <text x="72" y="356">Finished)</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art"><![CDATA[
Client                   Server                   Verifier
  |                        |                         |
  |  Regular TLS Handshake |                         |
  |    (Server-only auth)  |                         |
  |<---------------------->|                         |
  |                        |                         |
  |  ... time passes ...   |                         |
  |                        |                         |
  | Authenticator Request  |                         |
  |   (CertificateReq)     |                         |
  |<-----------------------|                         |
  |                        |                         |
  |                  Sends Evidence                  |
  |------------------------------------------------->|
  |                 Gets Attestation result          |
  |<-------------------------------------------------|
  | Exported Authenticator(|                         |
  | Certificate with       |                         |
  | cmw_attestation,       |                         |
  | CertificateVerify,     |                         |
  | Finished)              |                         |
  |----------------------->|                         |
]]></artwork>
            </artset>
          </figure>
        </section>
        <section anchor="background-check-model">
          <name>Background-check Model</name>
          <t><xref target="fig-background"/> shows an example using the background-check model,
where TE represents the Target Environment and AE represents the
Attesting Environment.
The TLS Client within TE establishes a TLS connection with the Server.
At a later time, the Server triggers an Authenticator Request.
The TE requests Evidence from the AE. The Evidence produced includes the TE's TCB measurements, including those relating to the TLS Client code and configuration.
The TE embeds this Evidence into an Exported Authenticator and sends it to the Server.
The Server forwards the Evidence to a Verifier for appraisal and receives an Attestation Result.</t>
          <figure anchor="fig-background">
            <name>Background Check Model with Client as Attester</name>
            <artset>
              <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="464" width="568" viewBox="0 0 568 464" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 16,48 L 16,432" fill="none" stroke="black"/>
                  <path d="M 176,112 L 176,128" fill="none" stroke="black"/>
                  <path d="M 176,168 L 176,256" fill="none" stroke="black"/>
                  <path d="M 176,344 L 176,432" fill="none" stroke="black"/>
                  <path d="M 376,48 L 376,432" fill="none" stroke="black"/>
                  <path d="M 528,48 L 528,432" fill="none" stroke="black"/>
                  <path d="M 24,80 L 368,80" fill="none" stroke="black"/>
                  <path d="M 24,160 L 368,160" fill="none" stroke="black"/>
                  <path d="M 24,208 L 168,208" fill="none" stroke="black"/>
                  <path d="M 24,256 L 168,256" fill="none" stroke="black"/>
                  <path d="M 24,336 L 368,336" fill="none" stroke="black"/>
                  <path d="M 384,368 L 520,368" fill="none" stroke="black"/>
                  <path d="M 384,416 L 520,416" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="528,368 516,362.4 516,373.6" fill="black" transform="rotate(0,520,368)"/>
                  <polygon class="arrowhead" points="392,416 380,410.4 380,421.6" fill="black" transform="rotate(180,384,416)"/>
                  <polygon class="arrowhead" points="376,336 364,330.4 364,341.6" fill="black" transform="rotate(0,368,336)"/>
                  <polygon class="arrowhead" points="376,80 364,74.4 364,85.6" fill="black" transform="rotate(0,368,80)"/>
                  <polygon class="arrowhead" points="176,208 164,202.4 164,213.6" fill="black" transform="rotate(0,168,208)"/>
                  <polygon class="arrowhead" points="32,256 20,250.4 20,261.6" fill="black" transform="rotate(180,24,256)"/>
                  <polygon class="arrowhead" points="32,160 20,154.4 20,165.6" fill="black" transform="rotate(180,24,160)"/>
                  <polygon class="arrowhead" points="32,80 20,74.4 20,85.6" fill="black" transform="rotate(180,24,80)"/>
                  <g class="text">
                    <text x="12" y="36">TE</text>
                    <text x="44" y="36">(TLS</text>
                    <text x="96" y="36">Client)</text>
                    <text x="180" y="36">AE</text>
                    <text x="344" y="36">TLS</text>
                    <text x="388" y="36">Server</text>
                    <text x="532" y="36">Verifier</text>
                    <text x="176" y="52">|</text>
                    <text x="64" y="68">Regular</text>
                    <text x="112" y="68">TLS</text>
                    <text x="168" y="68">Handshake</text>
                    <text x="260" y="68">(Server-only</text>
                    <text x="336" y="68">auth)</text>
                    <text x="176" y="100">|</text>
                    <text x="56" y="116">...</text>
                    <text x="92" y="116">time</text>
                    <text x="140" y="116">passes</text>
                    <text x="188" y="116">..</text>
                    <text x="80" y="148">Authenticator</text>
                    <text x="168" y="148">Request</text>
                    <text x="268" y="148">(CertificateReq)</text>
                    <text x="56" y="196">Request</text>
                    <text x="124" y="196">Evidence</text>
                    <text x="72" y="228">Attestation</text>
                    <text x="60" y="244">Evidence</text>
                    <text x="60" y="276">Exported</text>
                    <text x="200" y="276">Authenticator(Certificate</text>
                    <text x="324" y="276">with</text>
                    <text x="92" y="292">cmw_attestation,</text>
                    <text x="100" y="308">CertificateVerify,</text>
                    <text x="64" y="324">Finished)</text>
                    <text x="404" y="356">Send</text>
                    <text x="460" y="356">Evidence</text>
                    <text x="432" y="388">Attestation</text>
                    <text x="412" y="404">Result</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art"><![CDATA[
 TE (TLS Client)      AE                  TLS Server           Verifier
  |                   |                        |                  |
  |  Regular TLS Handshake (Server-only auth)  |                  |
  |<------------------------------------------>|                  |
  |                   |                        |                  |
  |   ... time passes ...                      |                  |
  |                   |                        |                  |
  | Authenticator Request (CertificateReq)     |                  |
  |<-------------------------------------------|                  |
  |                   |                        |                  |
  | Request Evidence  |                        |                  |
  |------------------>|                        |                  |
  | Attestation       |                        |                  |
  | Evidence          |                        |                  |
  |<------------------|                        |                  |
  | Exported Authenticator(Certificate with    |                  |
  | cmw_attestation,                           |                  |
  | CertificateVerify,                         |                  |
  | Finished)                                  |                  |
  |------------------------------------------->|                  |
  |                   |                        | Send Evidence    |
  |                   |                        |----------------->|
  |                   |                        | Attestation      |
  |                   |                        | Result           |
  |                   |                        |<-----------------|
  |                   |                        |                  |
]]></artwork>
            </artset>
          </figure>
        </section>
      </section>
      <section anchor="server-as-attester">
        <name>Server as Attester</name>
        <t>The flow for the Server as Attester is analogous, except that it uses a ClientCertificateRequest instead of CertificateRequest.</t>
      </section>
      <section anchor="api-requirements-for-attestation-support">
        <name>API Requirements for Attestation Support</name>
        <t>To enable attestation workflows, implementations of the Exported Authenticator API MUST support the following:</t>
        <ol spacing="normal" type="1"><li>
            <t>Authenticator Generation
            </t>
            <ul spacing="normal">
              <li>
                <t>The API MUST support the inclusion of attestation credentials within the Certificate message provided as input.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Authenticator Validation
            </t>
            <ul spacing="normal">
              <li>
                <t>The API MUST support verification that the Evidence in the Certificate message is cryptographically valid and correctly bound to the TLS connection and the associated certificate_request_context.</t>
              </li>
            </ul>
          </li>
        </ol>
      </section>
    </section>
    <section anchor="binding">
      <name>Cryptographic Binding of the Evidence to the TLS Connection</name>
      <t>The cryptographic operations defined in this section bind attestation Evidence
to a specific TLS connection. This binding prevents replay and relay of attestation
Evidence across different TLS connections, and ensures that attestation Evidence
presented during a handshake corresponds to the authenticated
TLS connection in which it is conveyed.</t>
      <t>Attestation Evidence is generated by a TEE and signed using an attestation key.
The signed Evidence includes inputs originating from different trust domains.</t>
      <ul spacing="normal">
        <li>
          <t>The attestation binder is provided by the TLS stack and serves as an attestation
challenge that ensures freshness and binds the attestation to a specific TLS connection.</t>
        </li>
        <li>
          <t>A claim generated by the TEE itself, such as a hash of the AIK public key,
which ensures that the attested environment controls the AIK private key used
for TLS authentication.</t>
        </li>
      </ul>
      <section anchor="attestation-binder">
        <name>Attestation Binder</name>
        <t>The attester binds the attestation Evidence to the active TLS connection. To do so, the attester derives a
binding value using the TLS exporter. The exporter invocation uses:</t>
        <ul spacing="normal">
          <li>
            <t>the label "Attestation", and</t>
          </li>
          <li>
            <t>the certificate_request_context from the CertificateRequest message as the context_value (as defined in Section 7.5 of <xref target="I-D.ietf-tls-rfc8446bis"/>). In a Background Check model, this value contains the Verifier-provided nonce; and</t>
          </li>
          <li>
            <t>a key_length set to 256-bit (32 bytes).</t>
          </li>
        </ul>
        <artwork><![CDATA[
   TLS-Exporter("Attestation", certificate_request_context, 32)
]]></artwork>
        <t>The binding value is defined as:</t>
        <artwork><![CDATA[
   Hash(public_key || exported_value)
]]></artwork>
        <t>where exported_value is the output of the TLS exporter and public_key is the public key corresponding to the end-entity certificate used for authentication. The Hash function is the hash algorithm associated with the negotiated TLS 1.3 cipher suite (i.e., the HKDF hash).</t>
        <t>This binding value is included as an attestation challenge (or nonce) in the attestation Evidence. It binds the Evidence to the specific TLS connection and to the associated certificate_request_context, thereby providing freshness and preventing replay across TLS sessions.</t>
        <t>The TLS endpoint that receives the attestation Evidence computes the binding value using the same exporter and hash function invocation described for the attester. The endpoint either verifies the exporter binding itself or delegates this check to the Verifier. If it performs the check locally and the values do not match, the attestation Evidence is rejected. If the check is delegated, the endpoint conveys the computed binding value to the Verifier so that the comparison can be carried out during attestation validation.</t>
      </section>
      <section anchor="binding-the-authenticator-identity-key-aik-to-the-tee">
        <name>Binding the Authenticator Identity Key (AIK) to the TEE</name>
        <t>This specification assumes that the private key corresponding to the end-entity certificate carried in the exported authenticator referred to as the Authenticator Identity Key (AIK) is generated inside a TEE and never leaves it. A platform could instead generate the AIK private key outside the TEE and compute the CertificateVerify signature using that external key. A Relying Party cannot detect this attack unless additional safeguards are in place.</t>
        <t>This risk is particularly relevant in split deployments, where the TLS stack does not reside inside the TEE. In such architectures, attesting the TEE alone does not prove that the AIK private key used by the TLS endpoint was generated, is stored, or is controlled by the TEE.</t>
        <t>To address this risk, the Evidence MUST include the hash of the AIK public key (AIK_pub_hash). The AIK public key MUST be hashed using the hash algorithm associated with the negotiated TLS cipher suite for the TLS connection in which the Evidence is conveyed.</t>
        <t>The Relying Party MUST compute the hash of the AIK public key extracted from the TLS end-entity certificate using
the same hash algorithm and verify that it matches the AIK_pub_hash included in the Evidence. Successful
verification binds the attestation Evidence to the TLS identity used for authentication.</t>
      </section>
    </section>
    <section anchor="operational-overview">
      <name>Operational Overview</name>
      <t>This specification follows the Exported Authenticator model defined in Section 7 of <xref target="RFC9261"/>. In this model, the TLS stack creates and validates post-handshake authentication messages, while the application triggers the exchange and conveys the Authenticator Request and Authenticator messages between peers.</t>
      <t>Whenever attestation is required, the application initiates Exported Authenticator–based post-handshake authentication. The TLS stack constructs an Authenticator Request, using either a <tt>CertificateRequest</tt> or <tt>ClientCertificateRequest</tt> message, and indicates support for attestation by including an empty <tt>cmw_attestation</tt> extension.</t>
      <t>On the attesting side, the platform generates RATS conceptual message, either in the form of Evidence or an Attestation Result, depending on the deployment model. The TLS stack embeds the RATS conceptual message in the <tt>cmw_attestation</tt> extension and completes the Exported Authenticator by generating the corresponding <tt>CertificateVerify</tt> and <tt>Finished</tt> messages. The application then conveys the resulting Authenticator to the peer, as defined in <xref target="RFC9261"/>.</t>
      <t>Upon receipt, the application delivers the Authenticator to the TLS stack for processing. The TLS stack validates the certificate chain, the <tt>CertificateVerify</tt> signature, and the <tt>Finished</tt> message, and extracts the <tt>cmw_attestation</tt> extension. The TLS stack treats the contents of the <tt>cmw_attestation</tt> extension as opaque.</t>
      <t>If the <tt>cmw_attestation</tt> extension carries Evidence, the application acting as the Relying Party forwards it to a Verifier to obtain an Attestation Result. If the extension carries an Attestation Result, the application validates it directly. Based on the outcome of this processing, the application determines whether to continue using the TLS connection.</t>
      <t>While it is technically possible to create or validate Authenticator Requests and Authenticators at the application layer, Section 7 of <xref target="RFC9261"/> recommends that their creation and validation be handled within the TLS library.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>This document inherits the security considerations of <xref target="RFC9261"/> and <xref target="RFC9334"/>. The integrity of the exported authenticators must be guaranteed, and any failure in validating Evidence SHOULD be treated as a fatal error in the communication channel. Additionally, in order to benefit from remote attestation, Evidence MUST be protected using dedicated attestation keys chaining back to a trust anchor. This trust anchor will typically be provided by the hardware manufacturer.</t>
      <t>This specification assumes that the Hardware Security Module (HSM) or Trusted Execution Environment (TEE) is responsible for generating the Authenticator Identity Key (AIK) key pair and producing either Evidence or Attestation Results. The Evidence or Attestation Results MAY be included in a Certificate Signing Request (CSR), as defined in <xref target="I-D.ietf-lamps-csr-attestation"/>, enabling the CA to verify that the AIK private key is securely generated and stored and that the platform meets the required security standards before issuing a certificate.</t>
      <section anchor="security-guarantees">
        <name>Security Guarantees</name>
        <t>Note that as a pure cryptographic protocol, attested TLS as-is only guarantees that the identity key used for TLS handshake is known by the confidential environment, such as confidential virtual machine. A number of additional guarantees must be provided by the platform and/or the TLS stack,
and the overall security level depends on their existence and quality of assurance:</t>
        <ul spacing="normal">
          <li>
            <t>The identity key used for TLS handshake is generated within the trustworthy environment, such as Trusted Platform Module (TPM) or TEE.</t>
          </li>
          <li>
            <t>The identity key used for TLS handshake is never exported or leaked outside the trustworthy environment.</t>
          </li>
          <li>
            <t>For confidential computing use cases, the TLS protocol is implemented within the confidential environment, and is implemented correctly, e.g., it does not leak any session key material.</t>
          </li>
          <li>
            <t>The TLS stack including the code that performs the post-handshake phase must be measured.</t>
          </li>
          <li>
            <t>There must be no other way to initiate generation of evidence except from signed code.</t>
          </li>
        </ul>
        <t>These properties may be explicitly promised ("attested") by the platform, or they can be assured in other ways such as by providing source code, reproducible builds, formal verification etc. The exact mechanisms are out of scope of this document.</t>
      </section>
      <section anchor="using-connection">
        <name>Using the TLS Connection</name>
        <t>Remote attestation in this document occurs within the context of a TLS handshake, and the TLS connection remains valid after this process. Care must be taken when handling this TLS connection, as both the client and server must agree that remote attestation was successfully completed before exchanging data with the attested party.</t>
        <t>Session resumption presents special challenges since it happens at the TLS level, which is not aware of the application-level Authenticator: a resumed session could be used before attestation completes, and race conditions between resumption and post-handshake attestation are possible. To avoid this, this document prohibits session resumption and 0-RTT data entirely for TLS connections in scope of this specification:</t>
        <ul spacing="normal">
          <li>
            <t>A TLS server MUST NOT send a <tt>NewSessionTicket</tt> message on any connection for which it requires remote attestation using this specification.</t>
          </li>
          <li>
            <t>A TLS client MUST NOT offer 0-RTT (<tt>early_data</tt>) on such a connection.</t>
          </li>
          <li>
            <t>As defense in depth against a non-conformant server, a TLS client that receives a <tt>NewSessionTicket</tt> message on such a connection MUST discard it and MUST NOT attempt to use it for resumption.</t>
          </li>
        </ul>
        <t>Because these connections are therefore established via a full handshake or the <xref target="I-D.ietf-tls-8773bis"/> certificate-with-external-PSK handshake, both of which include a fresh key exchange, the freshness argument in <xref target="binding"/> holds.</t>
      </section>
      <section anchor="timing-for-remote-attestation">
        <name>Timing for Remote Attestation</name>
        <t>Remote attestation MUST be completed before sending any application data to the peer.
For use cases that require only a one-time attestation for the lifetime of a TLS connection, remote attestation can be performed immediately after the TLS handshake completes.</t>
      </section>
      <section anchor="freshness">
        <name>Evidence Freshness</name>
        <t>The Evidence carried in cmw_attestation does not require an additional freshness mechanism (such as a nonce <xref target="RA-TLS"/> or a timestamp). Freshness is already ensured by the exporter value derived using the certificate_request_context, as described in <xref target="binding"/>. Because this value is bound to the active TLS connection, and because session resumption and 0-RTT data are prohibited for such connections (see <xref target="using-connection"/>), the Evidence is guaranteed to be fresh for the connection in which it is generated.</t>
        <t>The Evidence presented in this protocol is valid only at the time it is generated and presented. To ensure that the attested peer continues to operate in a secure state, remote attestation may be re-initiated periodically. In this protocol, this can be accomplished by initiating a new Exported-Authenticator–based post-handshake authentication exchange, which results in a new certificate_request_context and therefore a newly derived exporter value to maintain freshness.</t>
      </section>
    </section>
    <section anchor="privacy-considerations">
      <name>Privacy Considerations</name>
      <section anchor="client-as-attester-1">
        <name>Client as Attester</name>
        <t>In this section, we are assuming that the Attester is a TLS client, representing an individual person.
We are concerned about the potential leakage of privacy-sensitive information about that person, such as the correlation of different connections initiated by them.</t>
        <t>In background-check model, the Verifier not only has access to detailed information about the Attester's TCB through Evidence, but it also knows the exact time and the party (i.e., the RP) with whom the secure channel establishment is attempted <xref target="RA-TLS"/>.
The privacy implications are similar to OCSP <xref target="RFC6960"/>.
While the RP may trust the Verifier not to disclose any information it receives, the same cannot be assumed for the Attester, which generally has no prior relationship with the Verifier.
Some ways to address this include:</t>
        <ul spacing="normal">
          <li>
            <t>Attester-side redaction of privacy-sensitive evidence claims,</t>
          </li>
          <li>
            <t>Using selective disclosure (e.g., SD-JWT <xref target="I-D.ietf-oauth-selective-disclosure-jwt"/> with EAT <xref target="RFC9711"/>),</t>
          </li>
          <li>
            <t>Co-locating the Verifier role with the RP,</t>
          </li>
          <li>
            <t>Utilizing privacy-preserving attestation schemes (e.g., DAA <xref target="I-D.ietf-rats-daa"/>), or</t>
          </li>
          <li>
            <t>Utilizing Attesters manufactured with group identities (e.g., Requirement 4.1 of <xref target="FIDO-REQS"/>).</t>
          </li>
        </ul>
        <t>The last two also have the property of hiding the peer's identity from the RP.</t>
        <t>Note that the equivalent of OCSP "stapling" involves using a passport topology where the Verifier's involvement is unrelated to the TLS connection.</t>
      </section>
      <section anchor="server-as-attester-1">
        <name>Server as Attester</name>
        <t>For the case of the TLS server as the Attester, the server can ask for client authentication and only send the Evidence after successful client authentication. This limits the exposure of server's hardware-level Claims to be revealed only to authorized clients.</t>
      </section>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>// Note to RFC Editor: in this section, please replace RFCthis with the RFC number assigned to this document and remove this note.</t>
      <section anchor="tls-extension-type-registration">
        <name>TLS Extension Type Registration</name>
        <t>IANA is requested to register the following new extension type in the "TLS ExtensionType Values" registry <xref target="IANA.tls-extensiontype-values"/>:</t>
        <table>
          <thead>
            <tr>
              <th align="left">Value</th>
              <th align="left">Extension Name</th>
              <th align="left">TLS 1.3</th>
              <th align="left">DTLS-Only</th>
              <th align="left">Recommended</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">TBD</td>
              <td align="left">cmw_attestation</td>
              <td align="left">CT</td>
              <td align="left">N</td>
              <td align="left">Yes</td>
              <td align="left">RFCthis</td>
            </tr>
          </tbody>
        </table>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC9334">
          <front>
            <title>Remote ATtestation procedureS (RATS) Architecture</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="N. Smith" initials="N." surname="Smith"/>
            <author fullname="W. Pan" initials="W." surname="Pan"/>
            <date month="January" year="2023"/>
            <abstract>
              <t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9334"/>
          <seriesInfo name="DOI" value="10.17487/RFC9334"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="I-D.ietf-tls-rfc8446bis">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="Eric Rescorla" initials="E." surname="Rescorla">
              <organization>Independent</organization>
            </author>
            <date day="13" month="September" year="2025"/>
            <abstract>
              <t>   This document specifies version 1.3 of the Transport Layer Security
   (TLS) protocol.  TLS allows client/server applications to communicate
   over the Internet in a way that is designed to prevent eavesdropping,
   tampering, and message forgery.

   This document updates RFCs 5705, 6066, 7627, and 8422 and obsoletes
   RFCs 5077, 5246, 6961, 8422, and 8446.  This document also specifies
   new requirements for TLS 1.2 implementations.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-tls-rfc8446bis-14"/>
        </reference>
        <reference anchor="RFC9261">
          <front>
            <title>Exported Authenticators in TLS</title>
            <author fullname="N. Sullivan" initials="N." surname="Sullivan"/>
            <date month="July" year="2022"/>
            <abstract>
              <t>This document describes a mechanism that builds on Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) and enables peers to provide proof of ownership of an identity, such as an X.509 certificate. This proof can be exported by one peer, transmitted out of band to the other peer, and verified by the receiving peer.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9261"/>
          <seriesInfo name="DOI" value="10.17487/RFC9261"/>
        </reference>
        <reference anchor="I-D.ietf-rats-msg-wrap">
          <front>
            <title>RATS Conceptual Messages Wrapper (CMW)</title>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Ned Smith" initials="N." surname="Smith">
              <organization>Independent</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>University of Applied Sciences Bonn-Rhein-Sieg</organization>
            </author>
            <author fullname="Dionna Glaze" initials="D." surname="Glaze">
              <organization>Google LLC</organization>
            </author>
            <date day="11" month="December" year="2025"/>
            <abstract>
              <t>   The Conceptual Messages introduced by the RATS architecture (RFC
   9334) are protocol-agnostic data units that are conveyed between RATS
   roles during remote attestation procedures.  Conceptual Messages
   describe the meaning and function of such data units within RATS data
   flows without specifying a wire format, encoding, transport
   mechanism, or processing details.  The initial set of Conceptual
   Messages is defined in Section 8 of RFC 9334 and includes Evidence,
   Attestation Results, Endorsements, Reference Values, and Appraisal
   Policies.

   This document introduces the Conceptual Message Wrapper (CMW) that
   provides a common structure to encapsulate these messages.  It
   defines a dedicated CBOR tag, corresponding JSON Web Token (JWT) and
   CBOR Web Token (CWT) claims, and an X.509 extension.

   This allows CMWs to be used in CBOR-based protocols, web APIs using
   JWTs and CWTs, and PKIX artifacts like X.509 certificates.
   Additionally, the draft defines a media type and a CoAP content
   format to transport CMWs over protocols like HTTP, MIME, and CoAP.

   The goal is to improve the interoperability and flexibility of remote
   attestation protocols.  Introducing a shared message format such as
   CMW enables consistent support for different attestation message
   types, evolving message serialization formats without breaking
   compatibility, and avoiding the need to redefine how messages are
   handled within each protocol.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-msg-wrap-23"/>
        </reference>
        <reference anchor="I-D.ietf-tls-8773bis">
          <front>
            <title>TLS 1.3 Extension for Using Certificates with an External Pre-Shared Key</title>
            <author fullname="Russ Housley" initials="R." surname="Housley">
              <organization>Vigil Security, LLC</organization>
            </author>
            <date day="5" month="September" year="2025"/>
            <abstract>
              <t>   This document specifies a TLS 1.3 extension that allows TLS clients
   and servers to authenticate with certificates and provide
   confidentiality based on encryption with a symmetric key from the
   usual key agreement algorithm and an external pre-shared key (PSK).
   This Standards Track RFC (once approved) obsoletes RFC 8773, which
   was an Experimental RFC.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-tls-8773bis-13"/>
        </reference>
        <reference anchor="RFC5280">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
            <author fullname="D. Cooper" initials="D." surname="Cooper"/>
            <author fullname="S. Santesson" initials="S." surname="Santesson"/>
            <author fullname="S. Farrell" initials="S." surname="Farrell"/>
            <author fullname="S. Boeyen" initials="S." surname="Boeyen"/>
            <author fullname="R. Housley" initials="R." surname="Housley"/>
            <author fullname="W. Polk" initials="W." surname="Polk"/>
            <date month="May" year="2008"/>
            <abstract>
              <t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5280"/>
          <seriesInfo name="DOI" value="10.17487/RFC5280"/>
        </reference>
        <reference anchor="IANA.tls-extensiontype-values" target="https://www.iana.org/assignments/tls-extensiontype-values">
          <front>
            <title>Transport Layer Security (TLS) Extensions</title>
            <author>
              <organization>IANA</organization>
            </author>
          </front>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="I-D.ietf-lamps-csr-attestation">
          <front>
            <title>Use of Remote Attestation with Certification Signing Requests</title>
            <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth">
              <organization>Cryptic Forest Software</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>Siemens</organization>
            </author>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Monty Wiseman" initials="M." surname="Wiseman">
              <organization>Independent</organization>
            </author>
            <author fullname="Ned Smith" initials="N." surname="Smith">
         </author>
            <date day="16" month="June" year="2026"/>
            <abstract>
              <t>   Certification Authorities (CAs) issuing certificates to Public Key
   Infrastructure (PKI) end entities may require a certificate signing
   request (CSR) to include additional verifiable information to confirm
   policy compliance.  For example, a CA may require an end entity to
   demonstrate that the private key corresponding to a CSR's public key
   is secured by a hardware security module (HSM), is not exportable,
   etc.  The process of generating, transmitting, and verifying
   additional information required by the CA is called remote
   attestation.  While work is currently underway to standardize various
   aspects of remote attestation, a variety of proprietary mechanisms
   have been in use for years, particularly regarding protection of
   private keys.

   This specification defines ASN.1 structures which may carry
   attestation data for PKCS#10 and Certificate Request Message Format
   (CRMF) messages.  Both standardized and proprietary attestation
   formats are supported by this specification.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-csr-attestation-28"/>
        </reference>
        <reference anchor="RA-TLS">
          <front>
            <title>Towards Validation of TLS 1.3 Formal Model and Vulnerabilities in Intel’s RA-TLS Protocol</title>
            <author fullname="Muhammad Usama Sardar" initials="M." surname="Sardar">
              <organization>Faculty of Computer Science, Technical University of Dresden, Dresden, Germany</organization>
            </author>
            <author fullname="Arto Niemi" initials="A." surname="Niemi">
              <organization>Huawei Technologies Oy, Helsinki, Finland</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>Department of Computer Science, University of Applied Sciences Bonn-Rhein-Sieg and Siemens, Sankt Augustin, Germany</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro, Lausanne, Switzerland</organization>
            </author>
            <date year="2024"/>
          </front>
          <seriesInfo name="IEEE Access" value="vol. 12, pp. 173670-173685"/>
          <seriesInfo name="DOI" value="10.1109/access.2024.3497184"/>
          <refcontent>Institute of Electrical and Electronics Engineers (IEEE)</refcontent>
        </reference>
        <reference anchor="RelayAttacks" target="https://www.researchgate.net/publication/408219182_Intra-handshakefail_CVE-2026-33697_High-severity_CVE_in_Attested_TLS">
          <front>
            <title>Intra-handshake.fail (CVE-2026-33697): High-severity CVE in Attested TLS</title>
            <author initials="M. U." surname="Sardar">
              <organization/>
            </author>
            <author initials="V." surname="Dubeyko">
              <organization/>
            </author>
            <author initials="J.-M." surname="Jacquet">
              <organization/>
            </author>
            <date year="2026" month="June"/>
          </front>
        </reference>
        <reference anchor="ID-Crisis">
          <front>
            <title>Identity Crisis in Confidential Computing: Formal Analysis of Attested TLS</title>
            <author fullname="Muhammad Usama Sardar" initials="M." surname="Sardar">
              <organization>TU Dresden, Dresden, Germany</organization>
            </author>
            <author fullname="Mariam Moustafa" initials="M." surname="Moustafa">
              <organization>Aalto University, Espoo, Finland</organization>
            </author>
            <author fullname="Tuomas Aura" initials="T." surname="Aura">
              <organization>Aalto University, Espoo, Finland</organization>
            </author>
            <date month="June" year="2026"/>
          </front>
          <seriesInfo name="Proceedings of the ACM Asia Conference on Computer and Communications Security" value="pp. 547-560"/>
          <seriesInfo name="DOI" value="10.1145/3779208.3785387"/>
          <refcontent>ACM</refcontent>
        </reference>
        <reference anchor="RFC9711">
          <front>
            <title>The Entity Attestation Token (EAT)</title>
            <author fullname="L. Lundblade" initials="L." surname="Lundblade"/>
            <author fullname="G. Mandyam" initials="G." surname="Mandyam"/>
            <author fullname="J. O'Donoghue" initials="J." surname="O'Donoghue"/>
            <author fullname="C. Wallace" initials="C." surname="Wallace"/>
            <date month="April" year="2025"/>
            <abstract>
              <t>An Entity Attestation Token (EAT) provides an attested claims set that describes the state and characteristics of an entity, a device such as a smartphone, an Internet of Things (IoT) device, network equipment, or such. This claims set is used by a relying party, server, or service to determine the type and degree of trust placed in the entity.</t>
              <t>An EAT is either a CBOR Web Token (CWT) or a JSON Web Token (JWT) with attestation-oriented claims.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9711"/>
          <seriesInfo name="DOI" value="10.17487/RFC9711"/>
        </reference>
        <reference anchor="RFC6960">
          <front>
            <title>X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP</title>
            <author fullname="S. Santesson" initials="S." surname="Santesson"/>
            <author fullname="M. Myers" initials="M." surname="Myers"/>
            <author fullname="R. Ankney" initials="R." surname="Ankney"/>
            <author fullname="A. Malpani" initials="A." surname="Malpani"/>
            <author fullname="S. Galperin" initials="S." surname="Galperin"/>
            <author fullname="C. Adams" initials="C." surname="Adams"/>
            <date month="June" year="2013"/>
            <abstract>
              <t>This document specifies a protocol useful in determining the current status of a digital certificate without requiring Certificate Revocation Lists (CRLs). Additional mechanisms addressing PKIX operational requirements are specified in separate documents. This document obsoletes RFCs 2560 and 6277. It also updates RFC 5912.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6960"/>
          <seriesInfo name="DOI" value="10.17487/RFC6960"/>
        </reference>
        <reference anchor="FIDO-REQS" target="https://fidoalliance.org/specs/fido-security-requirements/">
          <front>
            <title>FIDO Authenticator Security and Privacy Requirements</title>
            <author initials="B." surname="Peirani">
              <organization/>
            </author>
            <author initials="J." surname="Verrept">
              <organization/>
            </author>
            <date year="2025" month="March"/>
          </front>
        </reference>
        <reference anchor="I-D.ietf-rats-daa">
          <front>
            <title>Direct Anonymous Attestation for the Remote Attestation Procedures Architecture</title>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Christopher Newton" initials="C." surname="Newton">
              <organization>University of Surrey</organization>
            </author>
            <author fullname="Liqun Chen" initials="L." surname="Chen">
              <organization>University of Surrey</organization>
            </author>
            <author fullname="Thanassis Giannetsos" initials="T." surname="Giannetsos">
              <organization>Ubitech</organization>
            </author>
            <author fullname="Dave Thaler" initials="D." surname="Thaler">
              <organization>Microsoft</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document maps the concept of Direct Anonymous Attestation (DAA)
   to the Remote Attestation Procedures (RATS) Architecture.  The
   protocol entity DAA Issuer is introduced and its mapping with
   existing RATS roles in DAA protocol steps is specified.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-daa-09"/>
        </reference>
        <reference anchor="I-D.ietf-oauth-selective-disclosure-jwt">
          <front>
            <title>Selective Disclosure for JWTs (SD-JWT)</title>
            <author fullname="Daniel Fett" initials="D." surname="Fett">
              <organization>Authlete</organization>
            </author>
            <author fullname="Kristina Yasuda" initials="K." surname="Yasuda">
              <organization>Keio University</organization>
            </author>
            <author fullname="Brian Campbell" initials="B." surname="Campbell">
              <organization>Ping Identity</organization>
            </author>
            <date day="29" month="May" year="2025"/>
            <abstract>
              <t>   This specification defines a mechanism for the selective disclosure
   of individual elements of a JSON data structure used as the payload
   of a JSON Web Signature (JWS).  The primary use case is the selective
   disclosure of JSON Web Token (JWT) claims.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-selective-disclosure-jwt-22"/>
        </reference>
        <reference anchor="I-D.fossati-tls-attestation">
          <front>
            <title>Using Attestation in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)</title>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
         </author>
            <author fullname="Yaron Sheffer" initials="Y." surname="Sheffer">
              <organization>Intuit</organization>
            </author>
            <author fullname="Paul Howard" initials="P." surname="Howard">
              <organization>Arm Limited</organization>
            </author>
            <author fullname="Ionuț Mihalcea" initials="I." surname="Mihalcea">
              <organization>Arm Limited</organization>
            </author>
            <author fullname="Yogesh Deshpande" initials="Y." surname="Deshpande">
              <organization>Arm Limited</organization>
            </author>
            <author fullname="Arto Niemi" initials="A." surname="Niemi">
              <organization>Huawei</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <date day="30" month="April" year="2025"/>
            <abstract>
              <t>   The TLS handshake protocol allows authentication of one or both peers
   using static, long-term credentials.  In some cases, it is also
   desirable to ensure that the peer runtime environment is in a secure
   state.  Such an assurance can be achieved using attestation which is
   a process by which an entity produces evidence about itself that
   another party can use to appraise whether that entity is found in a
   secure state.  This document describes a series of protocol
   extensions to the TLS 1.3 handshake that enables the binding of the
   TLS authentication key to a remote attestation session.  This enables
   an entity capable of producing attestation evidence, such as a
   confidential workload running in a Trusted Execution Environment
   (TEE), or an IoT device that is trying to authenticate itself to a
   network access point, to present a more comprehensive set of security
   metrics to its peer.  These extensions have been designed to allow
   the peers to use any attestation technology, in any remote
   attestation topology, and mutually.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-fossati-tls-attestation-09"/>
        </reference>
      </references>
    </references>
    <?line 451?>

<section numbered="false" anchor="acknowledgements">
      <name>Acknowledgements</name>
      <t>We would like to thank Chris Patton for his proposal to explore RFC 9261 for attested TLS.
We would also like to thank Eric Rescorla, Paul Howard, and Yogesh Deshpande for their input.</t>
    </section>
    <section numbered="false" anchor="appendix">
      <name>Appendix</name>
      <section numbered="false" anchor="post-handshake-vs-intra-handshake-privacy">
        <name>Post-handshake vs. Intra-handshake Privacy</name>
        <t>From the view of the TLS server, post-handshake attestation offers better privacy than intra-handshake attestation when the server acts as the Attester. In intra-handshake attestation, due to the inherent asymmetry of the TLS protocol, a malicious TLS client could potentially retrieve sensitive information from the Evidence without the client's trustworthiness first being established by the server. In post-handshake attestation, the server can ask for client authentication and only send the Evidence after successful client authentication.</t>
      </section>
      <section numbered="false" anchor="post-handshake-vs-intra-handshake-security">
        <name>Post-handshake vs. Intra-handshake Security</name>
        <t>Intra-handshake attestation proposal <xref target="I-D.fossati-tls-attestation"/> is vulnerable to diversion attacks <xref target="ID-Crisis"/>. It also does not bind the Evidence to the application traffic secrets, resulting in relay attacks <xref target="RelayAttacks"/>. Formal analysis of post-handshake attestation is a work-in-progress.</t>
      </section>
      <section numbered="false" anchor="document-history">
        <name>Document History</name>
        <t>-00</t>
        <ul spacing="normal">
          <li>
            <t>Expanded security considerations, in particular added security guarantees</t>
          </li>
          <li>
            <t>Added privacy considerations</t>
          </li>
          <li>
            <t>Corrected <xref target="fig-passport"/></t>
          </li>
        </ul>
        <t>-01</t>
        <ul spacing="normal">
          <li>
            <t>Added channel binding</t>
          </li>
          <li>
            <t>Added security analysis of intra-handshake attestation in Appendix</t>
          </li>
        </ul>
        <t>-02</t>
        <ul spacing="normal">
          <li>
            <t>Security considerations: Race conditions</t>
          </li>
          <li>
            <t>Security considerations: Timing of remote attestation</t>
          </li>
          <li>
            <t>Updated Client as Attester</t>
          </li>
          <li>
            <t>Added Server as Attester</t>
          </li>
          <li>
            <t>Added operational overview</t>
          </li>
        </ul>
        <t>-03</t>
        <ul spacing="normal">
          <li>
            <t>Prohibited session resumption and 0-RTT data.</t>
          </li>
        </ul>
      </section>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA71963bbRpbufz4FjrLWtDSLpC1fYls9p1dkWY6VxLbGUjrT
f45dBIokxiDARgGSGcdZ8w7z67zePMnZt7qBACW500drJZZIoFC1a1++famN
yWQyavKm0EfJ3ju9qhqdHDeNNo1q8qpMrvNmmZx+Wld1o7PkuG2WumzyVDVV
bfZGajar9RXcebxeF/gp3vKT2ug6HGRvBN/oRVVvjhLTZKNRVqWlWsETs1rN
m8m8MgYunBitmon+tIb/FwrvHpl2tsqNgTGazRquPzu9fDkq29VM10ejDK45
GqVVaXRpWnOUNHWrRzCbhyNVa3WUXOi0rfNmM7qu6o+LumrX8Nnp8WXyC/yd
l4vke/xs9FFv4ILsaJRMwlnjn5c/XeA/A+sfXemyhSkkSTA4/MVzjR+SJCuV
F7B+WON3uW7m06pewKeqTpdHybJp1ubo3j1YkmpqlX7U9dRedO96cQ/vuqdm
Vdvcw6fBnrQzoHpTmInyM76nZZ7hh3twA1MTbrDP6dw45RGnedU7xL2hbZou
m1WxNxopIEtVIyEm8F+S8Oa+bpdqtVJZ8rNRK5VcqDpTNX0Pq1Jl/isNfpRc
/py8qLXJdElfaibUSu5+3+LdU0N3f9e0k4yvnWa687zLZbVSJnnJ0+x50E95
qeoqfEhDt0xlZd8VdIHsDA89b4tChs/rdqUKba5VnbzTWbbpecSb6mOu6PMU
GO8oea7KhSqqWtNntV7QVT+quoSd/ihXVm3ZoGyclZncLNPb+zhtgqe+r/Gp
35X4jGlarfY6BPgbTL5MLpZ6Ptd9hD4rmzZvwgds8I45sdp3C/wIh+1Z+ytV
ltoklyZdVnNd5oue0X8u8ytdG1h2Us2Bsjp53pYZTFwva+CFMk+XdJfVGXD9
8+vk9TSg1hvdznKQ7UVErefqStV5h1bf63qlyo18mMEcnz5+/ORJuLglTXra
uEnDEj9NS910yHZWlW2TvM6Xqki16lnZcb0C3lnlIBbh+DneN13Jfd+pekXU
G5UVTK0BYqBAvHt58uzhw0fy64PDw2fy69PDJ/Tp2eQF0X+CMlnP06ePHn07
y1GbFebwoYzw4NvD6NpaNWayMovJda3WW6M8ffLkIQ0hv4xGeTkPJ+WuLtRq
bSapqUNxpwkeT0D3HSUv3p5ND+9PDw/vP7t3fHJyenExfXD/waPpw0fPnhw+
fYRX6kJtQG2C0jJHRB5rTYDdajWBXcjMUn3U0zlQLdk/+evpBIb4dvLw4bfP
nhwAb+WLJegU4B1kHfg6yUvRw6BxYRZ7NCpp++SHttQJ3s5PUvVCN159Xl9f
T0E7aFSqC7geN/veup1Z03Tv0f2nDw6fHT598L4zOZzb+3hq76OJ4Zfv8/K9
ndh7Mg3Izk734c8EJg+Efz1Nfp6GGs9989dp8qKd6c3HKv78hwnc84NK/94S
f569mJzUucFNdFvw6PG9h0+ePHtw/+n04ZOnjx8+fSLc8eTw8CghlgDNzJ99
++zb+0dJlRq0PC/PXrydvDv994ujXqrN86xSRZGrMtVkcMxap4Y+huWzCZ3U
+u9tXusVWD9zL9pmHD02jM7wJkDe5LzOr1S6AUbxI+wNk+75NDnXeQ3i1yHQ
NPmrrmu9bgJ2eI07jfzweEs6MqWEKPBb+G2Fj4WFFTpFeZhkuUmLyrS1nvzn
NZDFZPiv3GFtXsdgHo1GuFrQWXDdxelPLxE8vTxpljksbTSZTEDLGTTkzWg0
uoRPE6RpPrcQKdPzHBWqSlYaaJAlIJ5Jc10la1U3OXwBIqBAr61WqDf5nrxs
NI6IvzdVoj+lwL0LnZxe5WAOU03EDqHbO23aojFJaxCGWMNOVPcYZpyAyeTp
ZPjUz59F33z5Mk2OsyzHoYA7NuMkb3AOdZW1KcwQFfyHdHX9PiDLB3hKA2AM
fh0n10vQ+AncWl3DQoN5pWDGcAKqMLiQmYZh06LNYAIZMEjaFBucCT7gRAM5
iGoaKAVbAesFtNckGfAXLAqv6Qdnk5ky8Nm6Mo2X8nDtCHsAMsBn63VdKZiq
adc4kklmFWBeHHqtjMGPiLQz0HCI8+DXdKnTj8kKzA4sYV5XK7r63fHlBeE5
MBRpA/yEJCh0guhUZquaiBI1WpISH4ijAi1wGDSadbHBG2IGSMmgFVNmsFWe
ZYUejb5Bs06bQqAVuE3Dk3PkLZjtNQ5Tak2jZwDvS2RLoCb8qfD5iPeR6TY8
u7TerJtqAVYFdi8BZAzjwHAGKMr8oRJSCbCqgkR5THPO9FWe0lPpko9ldV0m
iwoYG5eqx/amWVU1YJdhxVqXQBg1K3Q2JvLS44FXJgVo3CIx1by5xkfjd/O8
XtEfS3WlkxLGoPsbsF4a54VOyjQR7yUkMOwsSgdyK8wtVWs1ywsQW6Dha1hR
Ahu1RPoSfytndmq8kdkc1psvUDbSqiCNAaMCvDkpVL4yQjMkat60TSiLiNVB
YkxSt2VJ8lde5QC2kGb75gBkCy0n7fI5kX+lNjQSiKyfSSjIdk7AiaBYURmC
ZMBUaQ5IU2RklSPXk1jYqcBOr5D31xWYwQ1sVZqjgBrEV2CgrBiB82RAA9VA
KdBMxmK4SzIWyamfPdAe7wHRgMt0hkKE+w6aBPYeP4KHovTDrFiZAPz58sWq
PKD8ccMPzFcan3INlgIGRB4BU6sKZJkS7GZGWw+LXtegt1W9sewabjBtYFVU
C1SayCEwh9ZomVSsdHnHKpE61Hvu7s1ELUpQFcDz8DEoDZMDZ+J+pLqm7ctX
a2Z4IO8N84CHV7AIcEFX4FDE18FzATiMmR/BDW6Joh212tGqX6lUYfJXenNL
pfqH6VNYli4AK5focgKlGFYkpOxUMaFNT4MJgHff0hWkRlU0uWPCB4gj9k+O
D8YwAtAIp+knkCH6NF1F63i/V8HCBiBxSpZmNgKOxH+8FRjDvGDCNPF5oT/l
rILI5Gc5umpk0PS6qDbEDSYFxVjnFcrKZcQnszYvMjDoa+S4Za2BajgTxTY6
ZncA46MJz2a/J65zXlegSmB65gD8m8BmBTILrlHjoMqyuu5jfLMBfQlyhR8A
zjZLViTAgM016mgLaEBnCWKJNmgAs9CmGB1iHlTfJawXWT+gG5MflEeLcmHi
DUNQBX/379kYaa5LUoAVS0ZVg+lFnYRxGNgseJLIDC8TTS+xz0BAKERPRLwK
pwmLzycshLxPNwjRWyJMh03Rtjoao80k9lxrHB4JA2oXFWaM7hJE7XCXE3PE
H+UGJgCETdS80Uwg76OxBNvLHVMbXYNuFjsNAlzkSHtQtKarUd7JE+2lJ3Rp
zwXyDINijYyLWLzYsDTisuDjVOdXVivtXhdSAIepSgYDZEGjO9C05qahzZ6H
Ex6Hf5BR3TAgeZmXRGo3U8uU9m96Kj4Dte2VKnL0Scg6Ey/B/2paydQJ4gna
k3XTAg+8toP8AlgLUAyouNe/HAAD9fv4yE9wgQc0Ci1MSyKbgYIBaAOCoyw8
uUG+xs49seQNQGevWUPE1OfI3N5yEdiLZP8rsP8fYqaG3B3E0pe6BttFKyYo
jRA4weiwSV7/fHE5pv8nb97Cb+BQ/3z27vTFOLl4dfzTT/IPf3fx6u3PP72w
/9rrT96+fn365gXeAp/EH7w+/huz3dvzy7O3b45/YjKE2h/hjaUZSO661uTO
oftm0jqf8Yqen5wnh494YRhuAuhFv2O8CX6/BkLwg6oSaM1/AnU2CB+1qgnA
FwVi5bxBMAHjmyXCefQrpkwUMOWoKNHJAPO9Yu8C5jVXK7BtMAjJIO7SVZWq
GTBmzbGAlAWgx+NkkIjXxFuy14PqA6yzN0Ylvzf8bY7+L0+w1nPUdxWrzkhE
YqeMTNCYaAPOBjAm6g3WwuhKWYC1AiI4OweLXREHdUXg1CELgR8Rv/7J9PF5
1+4HUqZgCtehXKHzAuvbcsXHd3jelJ/nQZAATEejqu6NLHQkWATXDQOoKNdF
Zl0JsFATjprECLC8/TRHxx3WuRDr+Gj6aPoAHzShsOmXL2MH9fr0iFgD8nJU
OJv3YF4bC7PJiTZoaogGkdk4xTC018FgHE4xhrB1BTypIQgaPYaZDsZuaAbG
VGlOxsPTji3hoEJlRSQyS6IsdARfGQzj1jxkD/qIQXPB/J1GFoC9NGSKLf/0
b9sU4Y1Vhl0ugMtrHC2tarHKpLUrVlygL3CxhM4IKwI4XqKJ9qMbASKg2cD7
ZmCvzXYAxcW1GSA1+WKJFiSC+zJ38Vo9l4HrytpsmMYwpJA25vAdpukf957C
tRLyGfDy0Bw4Hw8V7vDkxs4ns9aTQkLogQAU9i6DJdl/TB/ffxbxq2N0oNnv
v/8+4r+Tz5wtWSuQEaIjAud/O5xOH/yfw28nh3/58+gLwpZAd/yZbh/Za4+S
U4ddBEMMrReWhwiIN3wHUPKCwyieVBARFvNEmYRDT56/fYcc+MPF2zfWz3KR
wMCDjYj1j7qwJGowMoz+K7pUHTcWZr5Z22jUybFJJOjuIyMaNpztD4zS0vwq
er7u6JesJaxwRUEigT3gwayNc5QEsCItTDv7T9CjSZ6xrIwp5mVZJQ2xMi4A
7SHAjZbuzRsLi8UVd7aKss5litITON5uzWOMSuEI/URd6BKWzIK9WhNUBcLc
pBTTvAaTeYUpBgZPTBt0PleAj7IuviUO2S07GMTTxXxMzu8VT9gHNfDRNfp0
vQyxRicb42SIDL5J3uhFBbxsQXofYPZo4fM3pb/8y2jUuVnCFDtowa4yczA5
vP2W8zHbzRBznZYZeYiihK7Jq6/EIRsWUBasIdeYbEUOloD1iUx/ZpUr7QxM
f7VGOzOskbf2yfqTIJ43+ZpTUvdrzBCKQSce4WeGz+BJBjpY/E2Aj+QoUYRS
OKwTYyxJ11znRSEmT3iAfPNewtk1oas4jHvQCPKu8KxcmKrpILcysxtlKMLP
FBAYwhKLzoa1abvdNpwbBrF7bcq6WpPati53R64AIcxvyhIJgJG0QZ/04dAc
SsfgP86fQv+wiVd51ZpiwzEWb5tjzCHrH8suEl1qwU4zZMDt2EKkM20wYa8t
heI6e++mvwdAGeY8TY4dH3TF69n0IcxwFOBSHUtXVlFCA+ZWgc799RYbovrZ
fzTI/ix6ixIzHnljHTFQ361TUVbZO0wIWzKP0XxyjYklNcP8G+uzn1k/lrtB
zzmCnlfO1B1HoIcR2C4OcSjQeZnkz4VA9aYZ7I4G7Mh/AsS9Vai9qVVpVnnT
eDa8hTvjYDvzq+GkXDdwJZvYhw53IUMJFKGbj3k/UguKQlJwaylouItrQUGQ
RooMNaIjTCHlpEEQZ0Q5wlnOkhY4wrFv3ZEwdrEDqdy1+cS5Mx16SC608CF0
22TE98jXcPsHZ18jbfB1ZiPZd3HQC46Dupvi4OWBbJKdLUluF8472gS2w+Lu
Dpn0lRO1U5vaOKlWa/hWcghEDEbrIYP9VbDdbeQrq2B2qIHIE9gkBHPXhUr7
3IArNzAQB6P5uVkZkhOKEFO0CA2dqxtITNXWbGu7QTiEXiFLqgLsa5SNFNgC
957/eCay3PWZLqz5BdBMGY+T/unu6+liysBWUZ4jVPO4jRipkjS7Tj+aA+Y9
04AlRw5c6xo9D5xBCkxlHVqUlM+frXLnepcfz/4DPvtfoEceP3h6HxHVhAsN
BsQ1VXUtdmN7o0IXmxSfoqBEO7MpZ/RLdm4UAHWKVLsBiqpcGGBCn2gduBOH
DrfSVfUAvq0R4Bpc2pnNjIoPieCi1uRQ+PQFpujQfHQcChQCeiDNcqf3ZxKq
BMb4fR0wrdaNnxinuFlipCJZBAW2iiWWtkjE+CtMkZJRC+0Ciakf16ZJYk7/
h8wTLOZMcsZVaUs1wBsyNtkVVRGMncaV9MPW5bbCYZqc5iJ7Lp8j6TJZBRYk
zNtijgLQkIdXV4U221mzrmDbTJeEV1xNBQ4YJWk0zYCk1mnF/ec+WXdCybrX
qAQOqLg4icYTF1Gb2N6IUTNcr3SjiblLlNROIa7cADG5VnVmtsouVOAfunIN
FCoNPN96h+FaIcYmaesr/Bh6LlhgRJEoDrqk+ocUoRxFxC2+o68bSmq4cEac
WBwnzIWymXaeQIK+mYwmfZUp++c24zq4WZifNDF1PE1mGhavUQT8Wt2X5MKb
gZoYu3uWq7cf7NjBXxeN8IeyiGgBXGruJhft2tBm2vzh4Dxdesx6RBiVEitE
3l3a9DIc7NnzDcNYgmlbuY/hwH43utiXY+B0sUAB75VyoUMR63M8hjEnOL2l
Q9JlZRA8erOPCcdvotKEmxU0F5TdutrwnxnNHd+17K9TlTIavaquMew3tjaH
zWgrrlpMdkIptszPxo20hL/TiigtgVMBQj+8vTglHAv/clySweiGCj1u8CzS
sPIrCFNZnJGhqbrKVTj1SUHHggiAFWLG1zg0u14wKlgaDPy/bAmfxcUsZDz4
2gB54mqDQqumMx0g4s9rojf4/WtOtQylg2x05AZdQFWCLhJD4KzBzafMS2WF
jCOtGH8Vqd4Fbcj+9Vs91qNclIBlnnrhqqodQ9LBicvQ8qy4/ib20xAfC+ZF
DLhABmxcqWaYhxnj+SW5wXmRUtSwBDtHhZjgULZzRWIpSldmGZLX+lHPxUWk
qgpAAEssMByYdCQTihyrbiXMTBayccLFcQoS1Rpp3rqsoh9fNQDsTd+lKbhU
beMyA3hFoWbgeOyFqlEWseeLYIbdTwu23IPkc5GYKMJkHUTyVCPMbF3rsa/6
mFvqjaU4UnOsmzw2sS2nDC60r8I/58pPdB05cj1Ae4ElAX9smS8wezHazjkH
kWkGGdqGjZjZ8T6pDbZkW+NxgIYLK7CsGOWPULyNs+YYzEvhCUAlRYgjRheR
UPQby6MeA0uyyuVfjmf64IDbCWB/CTsJ8yMQsTnEygkiDZazJ9KDyP/nv/5v
QLLwFAUb5pykmvMw23onqIkRkfgnGasmyn9RoSVsrM3gcMQQ/bxPFHWgaksb
EWKFV1f4j13nolUITjVlPs7KjnrUnxSOZcahu4FFt5QrQQ1rM1Fx8omfGzgs
OTuBUVI3rBEK41n2vAR7h9YZNA4o4sffdFht9PnzPF9MbD0hOPhYCtMpMrRo
5ffff1fKXC0kDpts/4jbuf1jsRpw9m89X9PP4BfJb3zbO73AQhtarA+33nhb
kuzzvCYUjkRaHtz4tH+b9P785RZP+6q1TadTrhdfU9k5/X2L277uab3x19s8
bT+OIR7c5mkDlJz8syjZ/bmI/bL+2wbmOPzzl/6nfY8q8jhCwqR0b0eS4R9+
Wr/+27+JJKFGpbDE7SjZ0dXjW97WU2x6m9tsMepB58vdtw3uzo7bsDzj81Hy
Taj4+Kzf/96LtSNTa1uT7n1hXeox7ST1mHYkStUXZTu1Su4rmYYAis26o3Dx
9ojjiZeniH0ooyvWt+fACuHl7oWjY4dQgms5RUxlY7wucX3hOb762mxXZ7us
BOvSKR5yUWQ/a1Jc4zB90NT5YoGF24PJHp7FqU2UBALqUhHHp9MYxbnjQVHE
4/IUINvlyXMACwqBJkGPcZB0b9DzxpoGKQ7y3qhQAKtmbM4QNq6txbeSKVJh
haShfW6j5PBXv0j2Rkks4S49nYYDa3E4TQ4+gaGPs9/9wTRvqHH6+36lIlvA
KVs/eNGW9b7Bat9FR+804be0z3fVnX1aYMi2fMVaBmz23cb4x+fRb8xva6nv
bI/+qWuxs/fW+s5j3MUYDNM0kKqvXcs24rjzGD378hXz6AcNfaBgcIwBKHCn
eQzggjuNMQAS7jLGHVj9D9IfCEAjbrj7GD1Tu/s8tpj6K8Z414GzXzHGNlP/
MfojhHXBeTgBdv3hx90AzxrEyIdG603n5uaSTNy+iNKopSqqRdUCEgG/XK8b
F0ahM2VquCYDw1JaZZ1qfIebKPN7fhY1m6C5hNt7wVkKqmvhlEF/mmLsT/1K
FFqqSgZgDT6YqwakujEKexyNRofTzh3fuypXLKSWzFXfKITXjNR+DkXnbyhk
dcFcLO4q1y2S60F3RkHpyPCMogBmT2XLjmJa0xeWpgoAhpg29LYjN+KrinxV
0I5gLJ3KOYlqlmxA2m5nAC0d+PWP+/yNBGK/yHmBaKxqLTsYlZFxaWgQx402
zT5wRFjWVQFtH0zOjauv6sR6BeribzFHjHxyL60rY4KzsvH4EkMerChzkxSv
yYfWVFC57gusTE8Vk85G3WOspT1cI7FWTjFSW4DtZ+MlNs0vfQ8uT0/Zf+DY
LDuKneLaj3rDjoRcFHCmrQ1A/sfkeL6wxyLIs/LE4pRIVlGqDqb3r1s1PLgz
rM66aRJcs8GOSL4qxJVGBTuVLvHsFvZwIeLbnXBBfj5wnpfZ9sGInYyDkz1O
UmxREVOPHcJTV9JuzwLghpqlFYfjsx8TbpqEhERPG/dr4FwKnT71rjbKXF0V
xg8UhPux/GiEyhjnu1Xmgpq7k2+xFkVZ09FPjK789qaNqCtDViWmGofTx+KJ
mt3FkRU1Tgv5EASHjzmVY9sFSGInL13dGFquIyR9fwJpj8RNvt6VO3Ie/o6K
RMkvyS3vecL7cSWrrUB+Mn2MO+ur1A6myRnWcW4ZfTkWT7rLpsbk9FpYGjJx
7F7icc4/y7oU7vF75GcADXiyDXbjweNvJzOQ9P2HD4D/gBYHcn4oIZ96Ioa0
3u9Qagd9xsnDBwd8iAh3It6z3FNA4WbIo14Bd+8zS79HRvztN9cOiWknA3JM
Kf6KzpVhQVXbgMpwbVECluBUnB9dbvAitH0OjhPzvcchqUaPoho9vYpwIcm8
LV1LAE7KGmwJssCc1HLVWyvrSgKooVpyOH2YpPkay79Mm8ND9/OpnrJcvPrx
xUsa8sAei9oisSug2FJpiVdp+7AE4o8Diwf6RJZqR71UdyV5QMMxAqjuAAJo
bbWe2ZQ2K/xQz4p95UMDbGHZfpIy14YPZY5cfDA+juGCToO6SbLMfMWQpjFq
pWO+WsY77tWNP/RtobbVaKKi7Py4ys7m/juJaTsRtghcS1bohRQioYHmjGkV
aQA62gFiLUWxoozoyqJiTGcxGq3Q2FMOlIUfDxMpN1I6itUlcnyExyXJ5pll
Yys/vEDGEFYjSi4/pnBn/mAEvB3DW1SdG1++YgtyscrKQp5gtr5Clq2WRZNN
t0YsObNpzB9BCeyDOTxwEPP0tLefAp+nD6xsaD/vokaCouJgw7OtPhpz7KlH
wmQLRG9aQQTJwDZgJbGHZSXWLCWFVldUgYl9rkCYGmQTbN5ZZM6Ds4P0QgUg
PQ1sEYvNQLdy/Va4JKjstuKEkMpWwyEi3Gq5BduNTIm1C2kjKXBqZJm0ZUF6
ISh+VnONWe3MtZmiGnmrI4F/iEep3U2KQdwCs/2FvlJ0fh+2ucjDLj/cX0Aq
oj1edIXNsNG4fqGvkIEMN4O2oC4OgbzLZTiCFViD5YZDraeDwoceZBaCVydb
1yrYbeqmwK3gqMiU8TvivSLCl3xiBIhXIxEbS59xrOLlQKA/hTaMQYnz3sPf
79kwsVcaX2KPiuAVUS3P3c1jZBqtdh3yY2LPN/JoLgeKUAI+3rFm4F089ooK
3iJC2Zp+2ABPGTkb0l00iM+VrZiRepWgICqk7lZ5pDfVFy0VGM/bYhRFAG6H
ynHyrq5jCOWgr/7WetQgdm/hQVe5vu5VluEJ14GQzNbBV4eKGROHh73Ea3co
OJTLtNZkE4mQrlR398Ey3+HIF64EBZE+DcgKWtp5SqbNWbT+BEZUAsgrtQ2F
XOct7A0FBP0FLiKlHDVOcIfLxZqGE+OyGSqs76Xq//zXf9+6u2ZAQuo92dJZ
hIG859j2KmXIopIP2z7QB9Q8H4bigx/88VQ+C2CP8trQFfFc6MT3HkDeUQEK
FH0b4lkqfwK+ZjI6W+cPJ1Dnp9R3fvI9GXiVtm8H3hW2bho6DtDTtyxoHsfV
SB3SuxytHprNbcrgfRWYhbEDQgc0tcf3bQ+BCLl82LLeH2jwDzaB4XbRuBat
XmqwK08oIFxDguPGsxC1g2Kwq8ltXCO8LQxATupr3iOMgWJjOs+pptkeqO3u
QlziH4G1JTjZchqyhzYO2vjjPdukkmgeG40b2/N254ZF1E0QVCgbF+zeyRJG
mn9gmd/NlzMo9XUC29SWlmR9Z5t8OQAXDYQtUKukmvHp1N6cv3UltmcyIGHd
afmty/1JjGnyPDw5A5AVpMO3FfCM0MdUUi5L5+JIDcgxDjqUHYeeosjeL2RK
OHgadK/1PUtxHDJWqEBc/XmvujXbZgQR8NZsqXJ/PGg66ez6aqUZBPD9ec2z
sHojPI/I/QaLuGsNLrTIZ7Wq6fyeL14+qQgCS4x9uzPWEtuzM7u48tM0uqc7
Xd9kjJqOsSjkrrredqvq75ftiqVdiav0L8a+ithFvmXvIGiv4jS6dIOjA+Na
NfYw51w1oIjBD6ucMehv/Nztx11Kw0o61lKCepPg4XabznEHds8oG9SQoy3c
BohPCmg7kXTD6okODymOBajowIAkKqJeTtd0atCdI5jp2x4luJVT/Mre67jk
dZW1wPz7ry5eHyDjX+JkMPL/Ca5gOBpEqffBSTlgDEQn70lwUHl3zNaNvjDi
9LXKa9uqWPrTimW/oX1ap35roMcaHqftHFqKD7FcSK8eX9ty8e5g2+LtfucD
N6aQDo3kYB+7/kGbYb8xl9p27MLggwKU9OCO4a5CPgJHvlbeFfw72bWHko2c
CvRl91H7MclAy03fu3rz0ehN1YinS9K1RoGMU3bI+lVaFWOfw6CMhJnYhl++
ft3P3vkuzmG2qQyPgOF+PlAjTE4lc7bPS5An8amX6Ar4nkGZSrELN0Ys+GVH
lOPzwYhgelYddcXL0Rrmdi9wYcncj0fumDA1lgrOdnP3dUaYRkwb8Lf+lJvG
HRn8O0xSVKU7C35kU2S3pJNnl8AK+Cbkm35yWbk+t8uzgn95LoKP4Yc7TYSd
I6fuK4pefeTwnwu+DEwMH/WSj9v6XWT/HlkWHgpIw9iTDvhoy3sURw96igdE
GGYa6S4U3ucy5iC/dLAPAYqN+uBCyDBJ/JoosVJ0sqawZPIgMCwK1Vz3Sdwf
hXk7Pt96qYw/QSRFppmMXftvykqOpF+rDXcCZB8zbPQF7KStNpSyELJnrgN/
Jg1IDfH7WnNraTwaOCODjeeRGj62tqJG+Pt7VsL3DrqSMZbz7hsb9iVWZnXp
pur7pUWpA+lqgTMaU10xaX60Ityie8ynLYvOUa8mtelDPK0bnGNEW1Zxdsmk
sDAHIi3QsQ13QlwYlSiQEZ94qPhlNOrpnLrVU7ZKQe5Nh/soDUmHJTsd26zW
6MTC7HlWqeOQttIeAk+TExWwAh6YLLm7KgFBd6C1ezBdBU3Yt7ss0HBqgV3Q
JQWztVyMXhoXtCo2zn3NrHEJepK7XnBhMiXjFgpA/gsRIXQ3V2sa3pWTE1xB
ybfZL/gop3ggdq1agy51uJpwLurYoMkonWEiPCPYMzo2Swo5QiJH1NiLG+9a
yebYuu3xIauLMnPWc+dtrBXxb8k2xUeNguURpulEeIIB6SyweB2UXFdXVZ7R
TnbfbwB8sMxnCNPNNhXxMfcn7y4veQdwlYQnrLIOm4hgID2SjwgoHnHhAyfs
atfoC7uncHv05MMbfS0beZmnH7WPFyU0k03I1jgBV6siQMX0sVlwJjuaz9RN
R7jXTYd6lsmq9z9ozBZQt8oPBzgPVjmR3/evCXe+1SV1xUcDjY3J3DHeEjgF
7QZqnVK68WDYI3x6nKi8iRhbk+DZ49uSsGWM9BFzK0J6rNbkmKPVyxtpmGm3
GU876lThdw0p8HBbFedBapFJ3+aeD5HTi+gCoy1w5vNn+6YzcOoCbDhBIZ7Y
1M/k/OLHUIeRRsHXjvDOSv5BcTZYAu8cimWjHWSJ64V1OuHZtibsS7KsQOOz
gr7EvqF01D7ZfudCn0K23tiWYjLanpnexJEDlJEgtDUdIf5wQMNuMvcN5RMD
2DiGG2yGT7Z5jSKfa/sqlu6xlnEft4u19A2R8pV09MWHuXcKxDjLaR9pZ2XN
vDsODibMUVrq7Hzq3Ocyu43xgnwZLznuPuU3zzdL2PdVT1SfgLEAetsdbCXG
XOnQgsF3Cx1Mg/lhcrDAxucbKYVyULtznJzricIM1M66hG7/9oCzpokXGVeS
k5tbnJFnHT+Tu29WutLXgZS04GSiUiik+0YjrbaAxpeDTmIPwb0LjtjO8CRd
lueG6wGdVzDt8IAvQrQYJkTSjDyY3YO3C3XGtHUePBDZLN7KZLuojV5B4bvo
YIRxzenq8CVYht9u1SMlAkprPbFIF8es8yrjkIjPN3lvVF5SxWA0JZFhLUhJ
ChqFHWFsAW9j75OvSM0EKo6JLz3veW04+s7mBowCRVvT9cXGsX1HGpqgdaCT
Rorw2fcCdgN8A6ezz+KiWpi5Jral4FDUCSIqNA8M4NifAJRkDwoaMBi63LA3
Bq3UL9o21sY3PyHP0Ju82PNpxClDv4rM5JyjIelmgu8gzkkSw57k9mZ2ogxO
O3xRDTlv/q0dvvg0xjyWf1jfrPhI/cC5SBrXBcZRM5JU0PvBCAhLtwaVFyRL
23P1BJSTg80SHrNYBlH7GTdkVYWpKN5hU5jo1bChsc0eKHAfVJe9Oz9gjH29
dK+WIUmSGKc3/is54C/AQmeBnraNfJmB0B12fWLobXVghfEYHaz07cnFOQIF
fBMm3veLy8S+OycZ5ajlFtEaeu0DvhdSkwmOGs17FCUdDDDjLsUk4keugros
S04rbKyPCtmVElsE54SVmBPMMl97P8S3cbrA5AK5pE2nuEJADMNfediEQhdg
pZR7Z902qzpvm2qFzRjuZxfTvR0z8W/HtJ2DLl5MfvjlEonKb8rEl4rQS8KP
6UP7HlK0CzDeSTUpqGRNbKGjMjaT88t8d04Pb/Ii/5Wr3XmuJK/1VbcEywDL
Y0RYpvTi+Ng9OlOKTFJVRwNaupgw3iwlIPT2bhsuyv2wwSGS5NH0kPMI7mWq
WEjLRqpQyELXFQsEvaOQmJ9DFBQmW+YuriJ9nl10yr857HwaRi9JpGACoEfJ
U58zM+8BDdYFdaLBasACsbwUwfueFE21pnfYBDVGQWM3uc9KWFsS6+nhVlQD
h31eWnOOIaCgMNa4a2P2Z3Gn79DKKcMZU+vad9ry2lfUkOsWAQwGmd6x7x9B
0hLYyr/xVY/EyRhmoXn8ybg8hDja9sWOFVvvK60KLRNBsePWL79iNIqeyabs
7PjN8ZYdu3cv4c2ssLl6cgqgFF33vGvHABcrOoHNTVc/f/4XfKGslSpiDLhd
4sCwwa4VcuftQCW/mPDK9sGqbJScX1hmM5+XmzUmVhc5vQgU3ZIRTV8qQhj9
ULd3vETAvO/dEr19ht50b3NWe9Fz6DF/peLPPRmr3mBbVHzYFF+n60bBQSZc
J/rlCyix3/g+OpxpH/QGVSydbbP1y78lL7CC/C3uDJ68kxQkTB7/IjsK1Pxt
ZE8H9h1t/K3nt+6V0Tcwt8vnL5KeQ5/02cmlPYH3JjiN9zeQUP+X39/f+EWu
aMip1V2KphS4bcHH1kafj9qSt11n4BIBMrmmIE+Rf5SiKlV+TE6WNWzdOUxF
nDrBlMDqgFToRcFrfAE9cRFmQIMSGE58TP3QpMDi8U/rPMVkFGCVQo3hQSBv
rypMxLOT8bdqgdD+BfxvDX+7grm8dofMqBkr+rOfumvCjjsxUL3CdsLxu7kt
Uuze/NIqTiwQ29Y/413BK/tiPt3w214ZSVAf4rzz9CiguJQO11bF9XZWPds5
yNi+nIOSSpi/Zqy7Af4N3tQTJgswkLNSGN2uWhOGdDjq54Ap1Zziq3euKIDQ
A0idsXHK1LaT9EHWP5mtl8HyS4W4aXgYnhEPmKlBCx+m+f93/X9b9rJZxC5/
da8LGcEJGCdWB14TDkKOzmlbIOCT4oyMqolohVRrjC+NdG97d03nTeVDG3R8
MCKAdf2jYkI1x4MSYFaABfitilIWRR3m6UCDe+A7/PuY/8RnvuRsBR7L3Zic
KiZ2CA/5VXhKFnxbPAy0qNmnQ3q/sPboVY4p4C2iTu7fR5gK3qsiZT1Qs0HV
Db6YGvFueLFPgCLkpe+sDMfjEAKlDBk5EHE3L5zN4ciNYF0Qib+4z33f64A8
u7QETN0pPHjEA3zERf86j5J3cSB+16USXYSnbwccEOyu+QWUPd6zXUoPirNf
VUHVbeWqbif3H+Lsz31s6MZgEjDC/wMeqIhJVIgAAA==

-->

</rfc>
