<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<?rfc rfcedstyle="yes"?>
<?rfc tocindent="yes"?>
<?rfc strict="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc text-list-symbols="-o*+"?>
<?rfc docmapping="yes"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-lamps-attestation-freshness-08" category="std" consensus="true" submissionType="IETF" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Freshness for Evidence in CSRs">Requesting a Freshness Nonce for Attestation Evidence in Certificate Signing Requests</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-attestation-freshness-08"/>
    <author initials="H." surname="Tschofenig" fullname="Hannes Tschofenig">
      <organization abbrev="Siemens">Siemens</organization>
      <address>
        <postal>
          <street>Werner-von-Siemens-Strasse 1</street>
          <city>Munich</city>
          <code>80333</code>
          <country>Germany</country>
        </postal>
        <email>hannes.tschofenig@gmx.net</email>
      </address>
    </author>
    <author initials="H." surname="Brockhaus" fullname="Hendrik Brockhaus">
      <organization abbrev="Siemens">Siemens</organization>
      <address>
        <postal>
          <street>Werner-von-Siemens-Strasse 1</street>
          <city>Munich</city>
          <code>80333</code>
          <country>Germany</country>
        </postal>
        <email>hendrik.brockhaus@siemens.com</email>
        <uri>https://www.siemens.com</uri>
      </address>
    </author>
    <author initials="J." surname="Mandel" fullname="Joe Mandel">
      <organization abbrev="AKAYLA">AKAYLA, Inc.</organization>
      <address>
        <email>joe@akayla.com</email>
      </address>
    </author>
    <author initials="S." surname="Turner" fullname="Sean Turner">
      <organization>sn3rd</organization>
      <address>
        <email>sean@sn3rd.com</email>
      </address>
    </author>
    <date year="2026"/>
    <area>sec</area>
    <workgroup>LAMPS Working Group</workgroup>
    <keyword>Remote Attestation</keyword>
    <keyword>Certificate Signing Request</keyword>
    <keyword>Certificate Management Protocol (CMP)</keyword>
    <keyword>Enrollment over Secure Transport (EST)</keyword>
    <keyword>Certificate Management over CMS (CMC)</keyword>
    <abstract>
      <?line 114?>

<t>When an end entity includes attestation statements in a Certificate Signing
Request (CSR), the freshness of the conveyed Evidence often needs to be
established. A common mechanism is a nonce that is obtained from a Relying
Party or Verifier and included by the Attester in the Evidence.</t>
      <t>This document specifies how an end entity requests such an attestation
freshness nonce from an RA/CA when using certificate lifecycle management protocols.
It defines message formats and protocol bindings for the conveyance of nonce
request and response messages in the Certificate Management Protocol (CMP),
Enrollment over Secure Transport (EST), and Certificate Management over CMS
(CMC), including optional type-specific information needed to produce fresh
Evidence for inclusion in a CSR.</t>
    </abstract>
  </front>
  <middle>
    <?line 129?>

<section anchor="Introduction">
      <name>Introduction</name>
      <t><xref target="I-D.ietf-lamps-csr-attestation"/> specifies how Attestation Evidence, as
defined in the RATS Architecture <xref target="RFC9334"/>, can be conveyed in a Certificate
Signing Request (CSR) using PKCS#10 <xref target="RFC2986"/> or CRMF <xref target="RFC4211"/>. The RATS
Architecture calls for establishing the freshness of Evidence, see
<xref section="10" sectionFormat="of" target="RFC9334"/>. A common method for establishing freshness is the
use of nonces. Such nonces must be provided by the Relying Party or Verifier
and included in the Evidence by the Attester.</t>
      <t>When the CSR is conveyed using a certificate lifecycle management protocol, such
as CMP <xref target="RFC9810"/>, EST <xref target="RFC7030"/>, or CMC <xref target="I-D.ietf-lamps-rfc5272bis"/>, the
end entity can request the required nonce from the RA/CA in a prior message
exchange and pass it to the Attester to produce fresh Evidence.</t>
      <t>This document describes how an end entity can request a nonce from an RA/CA
using CMP, EST, and CMC.</t>
      <t>The following topics are out of scope for this document and either covered
in other specifications or are implementation or deployment details:</t>
      <ul spacing="normal">
        <li>
          <t>whether a CSR requires one or more nonces,</t>
        </li>
        <li>
          <t>how the end entity forwards the nonce to the Attester,</t>
        </li>
        <li>
          <t>whether the RA/CA or the Verifier generates the nonce and how those entities
communicate with each other, and</t>
        </li>
        <li>
          <t>other methods for establishing freshness.</t>
        </li>
      </ul>
      <t>In this context, the end entity is a device that contains one or more Attesters,
and the RA/CA acts as a Relying Party that communicates with one or more Verifiers.</t>
    </section>
    <section anchor="terminology-and-requirements-language">
      <name>Terminology and Requirements Language</name>
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 <xref target="RFC2119"/>.</t>
      <t>This document uses RATS and PKIX terminology as described in
<xref section="3" sectionFormat="of" target="I-D.ietf-lamps-csr-attestation"/>. It also uses terminology from
the applicable certificate lifecycle management protocols: CMP, EST, and CMC.</t>
    </section>
    <section anchor="Architecture">
      <name>Architecture and Message Formats</name>
      <t>According to <xref target="I-D.ietf-lamps-csr-attestation"/>, a CSR can contain multiple
<tt>AttestationStatements</tt> and multiple certificates for validating those
<tt>AttestationStatements</tt>. This document describes how an end entity can use CMP,
EST, or CMC to request a nonce from the RA/CA for a specific type of Evidence
to be included in the CSR.</t>
      <t>The end entity sends a nonce request message with the following fields:</t>
      <ul spacing="normal">
        <li>
          <t><tt>len</tt>: In this OPTIONAL field, the end entity can specify the desired length of
the requested nonce in bytes as a value between 8 and 64.</t>
        </li>
        <li>
          <t><tt>reqTypeInfo</tt>: This OPTIONAL structure groups the type-specific information
for the nonce request. It contains:
          </t>
          <ul spacing="normal">
            <li>
              <t><tt>type</tt>: The end entity can specify the type of the reqInfo structure.</t>
            </li>
            <li>
              <t><tt>reqInfo</tt>: If type is set, this OPTIONAL field MUST contain the type-specific
content that the RA/CA requires to generate respInfo. If type is not set,
<tt>reqInfo</tt> MUST also be omitted.</t>
            </li>
          </ul>
        </li>
      </ul>
      <t>The RA/CA can return the requested nonce in a nonce response message together
with information specific to the generation of the Evidence.</t>
      <t>The nonce response message has the following fields:</t>
      <ul spacing="normal">
        <li>
          <t><tt>nonce</tt>: This field MUST contain the nonce if the RA/CA is able and willing to
provide it. If a specific length was requested, the RA/CA SHOULD provide a
nonce of that size. If the RA/CA doesn't need a freshness proof, the nonce
MUST be an empty or zero-length string.</t>
        </li>
        <li>
          <t><tt>expiry</tt>: In this OPTIONAL field, the RA/CA can specify the validity period of
the nonce in seconds as an integer value. The nonce can be used during this
period; the response therefore needs to be conveyed promptly.</t>
        </li>
        <li>
          <t><tt>respTypeInfo</tt>: This OPTIONAL structure groups the type-specific information
for the nonce response. It contains:
          </t>
          <ul spacing="normal">
            <li>
              <t><tt>type</tt>: The RA/CA can specify the type of the <tt>respInfo</tt> structure. The type
in the nonce response message is defined by the type in the nonce request
message.</t>
            </li>
            <li>
              <t><tt>respInfo</tt>: If type is set, this OPTIONAL field MUST contain the type-specific
content requested by the end entity for generating the Evidence. If type is
not set, <tt>respInfo</tt> MUST also be omitted.</t>
            </li>
          </ul>
        </li>
      </ul>
      <t>This document does not further specify the content of the <tt>reqInfo</tt> and <tt>respInfo</tt>
structures; those structures must be defined elsewhere. Each definition must
assign an object identifier and specify the exact content of the corresponding
field. The definition of the <tt>reqInfo</tt> structure must also specify the type of the expected
<tt>respInfo</tt> structure. The message structure and the <tt>reqInfo</tt> or <tt>respInfo</tt> structures
can use different encodings. For example, an ASN.1 message can contain <tt>reqInfo</tt> or
<tt>respInfo</tt> encoded as JSON, if necessary. The <tt>reqInfo</tt> structure may be used to
provide the required information to the Relying Party to route the nonce request
to the appropriate Verifier when multiple verifiers are supported. The <tt>respInfo</tt>
structure may be used to convey Generic Information Elements
(<xref section="6" sectionFormat="of" target="I-D.ietf-rats-reference-interaction-models"/>) such as Attesting
Environment IDs and Claim Selection. <xref target="appx-tpm-pcr-example"/> provides an
informative example using a TPM PCR selection.</t>
      <t>The generic message flow between the end entity and the RA/CA is shown in
<xref target="fig-msgFlow"/>.</t>
      <figure anchor="fig-msgFlow">
        <name>Message Flow in Background Check Model</name>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="400" width="528" viewBox="0 0 528 400" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 40,64 L 40,384" fill="none" stroke="black"/>
              <path d="M 264,64 L 264,384" fill="none" stroke="black"/>
              <path d="M 496,64 L 496,384" fill="none" stroke="black"/>
              <path d="M 48,112 L 256,112" fill="none" stroke="black"/>
              <path d="M 48,144 L 256,144" fill="none" stroke="black"/>
              <path d="M 272,176 L 488,176" fill="none" stroke="black"/>
              <path d="M 272,208 L 488,208" fill="none" stroke="black"/>
              <path d="M 48,240 L 256,240" fill="none" stroke="black"/>
              <path d="M 48,272 L 256,272" fill="none" stroke="black"/>
              <path d="M 272,304 L 488,304" fill="none" stroke="black"/>
              <path d="M 272,336 L 488,336" fill="none" stroke="black"/>
              <path d="M 48,368 L 256,368" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="496,304 484,298.4 484,309.6" fill="black" transform="rotate(0,488,304)"/>
              <polygon class="arrowhead" points="496,176 484,170.4 484,181.6" fill="black" transform="rotate(0,488,176)"/>
              <polygon class="arrowhead" points="280,336 268,330.4 268,341.6" fill="black" transform="rotate(180,272,336)"/>
              <polygon class="arrowhead" points="280,208 268,202.4 268,213.6" fill="black" transform="rotate(180,272,208)"/>
              <polygon class="arrowhead" points="264,272 252,266.4 252,277.6" fill="black" transform="rotate(0,256,272)"/>
              <polygon class="arrowhead" points="264,144 252,138.4 252,149.6" fill="black" transform="rotate(0,256,144)"/>
              <polygon class="arrowhead" points="264,112 252,106.4 252,117.6" fill="black" transform="rotate(0,256,112)"/>
              <polygon class="arrowhead" points="56,368 44,362.4 44,373.6" fill="black" transform="rotate(180,48,368)"/>
              <polygon class="arrowhead" points="56,240 44,234.4 44,245.6" fill="black" transform="rotate(180,48,240)"/>
              <polygon class="arrowhead" points="56,112 44,106.4 44,117.6" fill="black" transform="rotate(180,48,112)"/>
              <g class="text">
                <text x="16" y="36">end</text>
                <text x="60" y="36">entity</text>
                <text x="264" y="36">RA/CA</text>
                <text x="28" y="52">device</text>
                <text x="76" y="52">with</text>
                <text x="132" y="52">Attester</text>
                <text x="248" y="52">Relying</text>
                <text x="304" y="52">Party</text>
                <text x="492" y="52">Verifier</text>
                <text x="104" y="84">certificate</text>
                <text x="192" y="84">lifecycle</text>
                <text x="116" y="100">management</text>
                <text x="196" y="100">protocol</text>
                <text x="88" y="132">request</text>
                <text x="144" y="132">nonce</text>
                <text x="312" y="164">request</text>
                <text x="368" y="164">nonce</text>
                <text x="436" y="164">(optional)</text>
                <text x="304" y="196">nonce</text>
                <text x="372" y="196">(optional)</text>
                <text x="80" y="228">nonce</text>
                <text x="92" y="260">attested</text>
                <text x="144" y="260">CSR</text>
                <text x="316" y="292">Evidence</text>
                <text x="328" y="324">Attestation</text>
                <text x="404" y="324">Result</text>
                <text x="104" y="356">certificate</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
end entity                    RA/CA
device with Attester       Relying Party                 Verifier
    |                           |                            |
    |  certificate lifecycle    |                            |
    |    management protocol    |                            |
    |<------------------------->|                            |
    |  request nonce            |                            |
    |-------------------------->|                            |
    |                           |  request nonce (optional)  |
    |                           |--------------------------->|
    |                           |  nonce (optional)          |
    |                           |<---------------------------|
    |  nonce                    |                            |
    |<--------------------------|                            |
    |  attested CSR             |                            |
    |-------------------------->|                            |
    |                           |  Evidence                  |
    |                           |--------------------------->|
    |                           |  Attestation Result        |
    |                           |<---------------------------|
    |  certificate              |                            |
    |<--------------------------|                            |
    |                           |                            |
]]></artwork>
        </artset>
      </figure>
      <t>The nonce request and response messages SHOULD be transferred within the same
PKI management operation context provided by the certificate lifecycle management
protocol being used, just as the certificate request and response messages are,
so that the RA/CA can unambiguously associate the provided nonce with the evidence
in the CSR.
This association is required because the RA/CA treats the Evidence carried in the
CSR as opaque and therefore cannot rely on inspecting the Evidence to determine
which previously issued nonce applies to that CSR.</t>
      <t>The nonce request and nonce response messages allow the end entity to request
only one nonce and one <tt>respInfo</tt> structure from the RA/CA. If the end entity
wants to include multiple Evidence statements in a CSR, it can use the
composite Attester model described in <xref section="3.3" sectionFormat="of" target="RFC9334"/> and
<xref target="I-D.richardson-rats-composite-attesters"/>, i.e., together with a conceptual
message wrapper (CMW) <xref target="I-D.ietf-rats-msg-wrap"/> structure, as described in
<xref section="4.3" sectionFormat="of" target="I-D.ietf-lamps-csr-attestation"/>. The lead Attester
should then pass the nonce to the sub-Attesters. Based on Figure 2 of
<xref target="I-D.richardson-rats-composite-attesters"/>, <xref target="fig-lead-Attester"/> shows an
example of how a nonce can be distributed among several Attesters in an end
entity. If multiple <tt>respInfo</tt> structures are required, the <tt>reqInfo</tt> and <tt>respInfo</tt>
structures can also use a conceptual message wrapper (CMW).</t>
      <figure anchor="fig-lead-Attester">
        <name>Class 1 Composite Attester</name>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="528" width="544" viewBox="0 0 544 528" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,160 L 8,512" fill="none" stroke="black"/>
              <path d="M 24,256 L 24,480" fill="none" stroke="black"/>
              <path d="M 40,272 L 40,320" fill="none" stroke="black"/>
              <path d="M 88,328 L 88,432" fill="none" stroke="black"/>
              <path d="M 112,176 L 112,208" fill="none" stroke="black"/>
              <path d="M 152,272 L 152,320" fill="none" stroke="black"/>
              <path d="M 176,400 L 176,448" fill="none" stroke="black"/>
              <path d="M 184,32 L 184,64" fill="none" stroke="black"/>
              <path d="M 208,72 L 208,168" fill="none" stroke="black"/>
              <path d="M 208,216 L 208,392" fill="none" stroke="black"/>
              <path d="M 240,72 L 240,168" fill="none" stroke="black"/>
              <path d="M 240,216 L 240,392" fill="none" stroke="black"/>
              <path d="M 264,32 L 264,64" fill="none" stroke="black"/>
              <path d="M 288,400 L 288,448" fill="none" stroke="black"/>
              <path d="M 304,336 L 304,480" fill="none" stroke="black"/>
              <path d="M 352,176 L 352,208" fill="none" stroke="black"/>
              <path d="M 416,352 L 416,400" fill="none" stroke="black"/>
              <path d="M 416,432 L 416,480" fill="none" stroke="black"/>
              <path d="M 520,352 L 520,400" fill="none" stroke="black"/>
              <path d="M 520,432 L 520,480" fill="none" stroke="black"/>
              <path d="M 536,160 L 536,512" fill="none" stroke="black"/>
              <path d="M 184,32 L 264,32" fill="none" stroke="black"/>
              <path d="M 184,64 L 264,64" fill="none" stroke="black"/>
              <path d="M 8,160 L 200,160" fill="none" stroke="black"/>
              <path d="M 216,160 L 232,160" fill="none" stroke="black"/>
              <path d="M 248,160 L 536,160" fill="none" stroke="black"/>
              <path d="M 112,176 L 352,176" fill="none" stroke="black"/>
              <path d="M 112,208 L 352,208" fill="none" stroke="black"/>
              <path d="M 24,256 L 200,256" fill="none" stroke="black"/>
              <path d="M 216,256 L 232,256" fill="none" stroke="black"/>
              <path d="M 248,256 L 304,256" fill="none" stroke="black"/>
              <path d="M 40,272 L 152,272" fill="none" stroke="black"/>
              <path d="M 40,320 L 152,320" fill="none" stroke="black"/>
              <path d="M 416,352 L 520,352" fill="none" stroke="black"/>
              <path d="M 312,368 L 408,368" fill="none" stroke="black"/>
              <path d="M 312,384 L 408,384" fill="none" stroke="black"/>
              <path d="M 176,400 L 288,400" fill="none" stroke="black"/>
              <path d="M 416,400 L 520,400" fill="none" stroke="black"/>
              <path d="M 88,432 L 168,432" fill="none" stroke="black"/>
              <path d="M 416,432 L 520,432" fill="none" stroke="black"/>
              <path d="M 176,448 L 288,448" fill="none" stroke="black"/>
              <path d="M 312,448 L 408,448" fill="none" stroke="black"/>
              <path d="M 312,464 L 408,464" fill="none" stroke="black"/>
              <path d="M 24,480 L 112,480" fill="none" stroke="black"/>
              <path d="M 224,480 L 304,480" fill="none" stroke="black"/>
              <path d="M 416,480 L 520,480" fill="none" stroke="black"/>
              <path d="M 8,512 L 248,512" fill="none" stroke="black"/>
              <path d="M 336,512 L 536,512" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="416,448 404,442.4 404,453.6" fill="black" transform="rotate(0,408,448)"/>
              <polygon class="arrowhead" points="416,368 404,362.4 404,373.6" fill="black" transform="rotate(0,408,368)"/>
              <polygon class="arrowhead" points="320,464 308,458.4 308,469.6" fill="black" transform="rotate(180,312,464)"/>
              <polygon class="arrowhead" points="320,384 308,378.4 308,389.6" fill="black" transform="rotate(180,312,384)"/>
              <polygon class="arrowhead" points="248,216 236,210.4 236,221.6" fill="black" transform="rotate(270,240,216)"/>
              <polygon class="arrowhead" points="248,72 236,66.4 236,77.6" fill="black" transform="rotate(270,240,72)"/>
              <polygon class="arrowhead" points="216,392 204,386.4 204,397.6" fill="black" transform="rotate(90,208,392)"/>
              <polygon class="arrowhead" points="216,168 204,162.4 204,173.6" fill="black" transform="rotate(90,208,168)"/>
              <polygon class="arrowhead" points="176,432 164,426.4 164,437.6" fill="black" transform="rotate(0,168,432)"/>
              <g class="text">
                <text x="204" y="52">RA</text>
                <text x="224" y="52">/</text>
                <text x="244" y="52">CA</text>
                <text x="184" y="100">nonce</text>
                <text x="256" y="100">CSR</text>
                <text x="160" y="196">certificate</text>
                <text x="252" y="196">management</text>
                <text x="324" y="196">client</text>
                <text x="328" y="276">Evidence-collection</text>
                <text x="424" y="276">CMW</text>
                <text x="76" y="292">target</text>
                <text x="112" y="292">A</text>
                <text x="200" y="292">n</text>
                <text x="260" y="292">1:</text>
                <text x="360" y="292">CMW(Evidence(Attester</text>
                <text x="460" y="292">A)</text>
                <text x="96" y="308">environment</text>
                <text x="200" y="308">o</text>
                <text x="260" y="308">2:</text>
                <text x="376" y="308">Evidence(Attester</text>
                <text x="460" y="308">B)</text>
                <text x="200" y="324">n</text>
                <text x="260" y="324">3:</text>
                <text x="376" y="324">Evidence(Attester</text>
                <text x="464" y="324">C))</text>
                <text x="200" y="340">c</text>
                <text x="120" y="356">collect</text>
                <text x="200" y="356">e</text>
                <text x="344" y="356">nonce</text>
                <text x="116" y="372">Claims</text>
                <text x="460" y="372">Attester</text>
                <text x="504" y="372">B</text>
                <text x="356" y="404">Evidence</text>
                <text x="400" y="404">B</text>
                <text x="224" y="420">attesting</text>
                <text x="232" y="436">environment</text>
                <text x="344" y="436">nonce</text>
                <text x="460" y="452">Attester</text>
                <text x="504" y="452">C</text>
                <text x="124" y="468">Attester</text>
                <text x="168" y="468">A</text>
                <text x="132" y="484">lead</text>
                <text x="188" y="484">Attester</text>
                <text x="356" y="484">Evidence</text>
                <text x="400" y="484">C</text>
                <text x="264" y="516">end</text>
                <text x="308" y="516">entity</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
                      .---------.
                      | RA / CA |
                      '---------'
                         |   ^
                    nonce|   |CSR
                         |   |
                         |   |
                         |   |
.------------------------v---|------------------------------------.
|            .-----------------------------.                      |
|            |certificate management client|                      |
|            '-----------------------------'                      |
|                        |   ^                                    |
|                        |   |                                    |
| .----------------------|---|-------.                            |
| | .-------------.      |   | Evidence-collection CMW            |
| | | target A    |     n|   | 1: CMW(Evidence(Attester A)        |
| | | environment |     o|   | 2:     Evidence(Attester B)        |
| | '-------------'     n|   | 3:     Evidence(Attester C))       |
| |       |             c|   |       |                            |
| |       |collect      e|   |       |  nonce      .------------. |
| |       |Claims        |   |       |------------>| Attester B | |
| |       |              v   |       |<------------|            | |
| |       |          .-------------. |  Evidence B '------------' |
| |       |          | attesting   | |                            |
| |       '--------->| environment | |  nonce      .------------. |
| |                  '-------------' |------------>| Attester C | |
| |        Attester A                |<------------|            | |
| '-----------lead Attester----------'  Evidence C '------------' |
|                                                                 |
'------------------------------end entity-------------------------'
]]></artwork>
        </artset>
      </figure>
      <t>The interaction between the end entity and the RA/CA is illustrated in <xref target="fig-msg"/>.</t>
      <figure anchor="fig-msg">
        <name>Exchange with Nonce and Evidence.</name>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="560" width="552" viewBox="0 0 552 560" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,46 L 80,46" fill="none" stroke="black"/>
              <path d="M 8,50 L 80,50" fill="none" stroke="black"/>
              <path d="M 360,46 L 456,46" fill="none" stroke="black"/>
              <path d="M 360,50 L 456,50" fill="none" stroke="black"/>
              <path d="M 144,80 L 184,80" fill="none" stroke="black"/>
              <path d="M 312,80 L 352,80" fill="none" stroke="black"/>
              <path d="M 144,176 L 176,176" fill="none" stroke="black"/>
              <path d="M 312,176 L 352,176" fill="none" stroke="black"/>
              <path d="M 344,304 L 360,304" fill="none" stroke="black"/>
              <path d="M 136,464 L 152,464" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="368,304 356,298.4 356,309.6" fill="black" transform="rotate(0,360,304)"/>
              <polygon class="arrowhead" points="360,80 348,74.4 348,85.6" fill="black" transform="rotate(0,352,80)"/>
              <polygon class="arrowhead" points="152,176 140,170.4 140,181.6" fill="black" transform="rotate(180,144,176)"/>
              <polygon class="arrowhead" points="144,464 132,458.4 132,469.6" fill="black" transform="rotate(180,136,464)"/>
              <circle cx="8" cy="528" r="6" class="closeddot" fill="black"/>
              <circle cx="168" cy="240" r="6" class="closeddot" fill="black"/>
              <g class="text">
                <text x="16" y="36">end</text>
                <text x="60" y="36">entity</text>
                <text x="408" y="36">RA/CA</text>
                <text x="216" y="84">nonce</text>
                <text x="272" y="84">request</text>
                <text x="372" y="116">Verify</text>
                <text x="432" y="116">request</text>
                <text x="380" y="132">Generate</text>
                <text x="428" y="132">or</text>
                <text x="468" y="132">obtain</text>
                <text x="524" y="132">nonce*</text>
                <text x="372" y="148">Create</text>
                <text x="436" y="148">response</text>
                <text x="208" y="180">nonce</text>
                <text x="268" y="180">response</text>
                <text x="216" y="196">(nonce,</text>
                <text x="280" y="196">expiry)</text>
                <text x="36" y="228">Generate</text>
                <text x="88" y="228">key</text>
                <text x="124" y="228">pair</text>
                <text x="36" y="244">Generate</text>
                <text x="120" y="244">Evidence(s)</text>
                <text x="36" y="260">Generate</text>
                <text x="128" y="260">certification</text>
                <text x="48" y="276">request</text>
                <text x="112" y="276">message</text>
                <text x="148" y="308">--</text>
                <text x="216" y="308">certification</text>
                <text x="304" y="308">request</text>
                <text x="180" y="324">+Evidence(s)</text>
                <text x="272" y="324">including</text>
                <text x="336" y="324">nonce</text>
                <text x="372" y="356">Verify</text>
                <text x="432" y="356">request</text>
                <text x="372" y="372">Verify</text>
                <text x="452" y="372">Evidence(s)*</text>
                <text x="368" y="388">Check</text>
                <text x="464" y="388">freshness/replay*</text>
                <text x="368" y="404">Issue</text>
                <text x="440" y="404">certificate</text>
                <text x="372" y="420">Create</text>
                <text x="436" y="420">response</text>
                <text x="372" y="436">Handle</text>
                <text x="436" y="436">response</text>
                <text x="216" y="468">certification</text>
                <text x="308" y="468">response</text>
                <text x="356" y="468">--</text>
                <text x="24" y="500">Store</text>
                <text x="96" y="500">certificate</text>
                <text x="16" y="532">:</text>
                <text x="48" y="532">These</text>
                <text x="96" y="532">steps</text>
                <text x="136" y="532">can</text>
                <text x="184" y="532">require</text>
                <text x="268" y="532">interactions</text>
                <text x="340" y="532">with</text>
                <text x="376" y="532">the</text>
                <text x="428" y="532">Attester</text>
                <text x="480" y="532">(on</text>
                <text x="512" y="532">the</text>
                <text x="40" y="548">end</text>
                <text x="84" y="548">entity</text>
                <text x="136" y="548">side)</text>
                <text x="176" y="548">and</text>
                <text x="212" y="548">with</text>
                <text x="248" y="548">the</text>
                <text x="300" y="548">Verifier</text>
                <text x="352" y="548">(on</text>
                <text x="384" y="548">the</text>
                <text x="424" y="548">RA/CA</text>
                <text x="476" y="548">side).</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
end entity                                      RA/CA
==========                                  =============

                 ------ nonce request ----->

                                           Verify request
                                           Generate or obtain nonce*
                                           Create response

                 <---- nonce response ------
                       (nonce, expiry)

Generate key pair
Generate Evidence(s)*
Generate certification
  request message

                 -- certification request -->
                +Evidence(s) including nonce

                                           Verify request
                                           Verify Evidence(s)*
                                           Check freshness/replay*
                                           Issue certificate
                                           Create response
                                           Handle response

                <-- certification response --

Store certificate

*: These steps can require interactions with the Attester (on the
   end entity side) and with the Verifier (on the RA/CA side).
]]></artwork>
        </artset>
      </figure>
      <t>The following sections define the generic data structures for nonce request and
nonce response message content. CMP and CMC use ASN.1, while EST uses JSON and CBOR,
both defined CDDL.</t>
      <section anchor="ASN.1">
        <name>ASN.1 Representation</name>
        <t>This section defines nonce request and nonce response message content as ASN.1 types for use in
CMP, see <xref target="CMP"/>, and CMC, see <xref target="CMC"/>. Nonce values conveyed as ASN.1 OCTET STRING values
in CMP and CMC are between 8 and 64 bytes in length. A zero-length OCTET STRING indicates
that the RA/CA does not require proof of freshness for the upcoming certificate request.</t>
        <artwork><![CDATA[
ATTESTATION-NONCE-REQUEST ::= TYPE-IDENTIFIER
AttestationNonceRequestSet ATTESTATION-NONCE-REQUEST ::= {
   ... -- None defined in this document --
}

ATTESTATION-NONCE-RESPONSE ::= TYPE-IDENTIFIER
AttestationNonceResponseSet ATTESTATION-NONCE-RESPONSE ::= {
   ... -- None defined in this document --
}

NonceRequestTypeInfo ::= SEQUENCE {
    type ATTESTATION-NONCE-REQUEST.&id(
                 {AttestationNonceRequestSet}),
    -- identifies the nonce-request syntax for the selected
    --   attestation statement type
    reqInfo  ATTESTATION-NONCE-REQUEST.&Type(
                 {AttestationNonceRequestSet}{@type}) OPTIONAL
    -- contains type-specific nonce-request information
}

NonceResponseTypeInfo ::= SEQUENCE {
    type ATTESTATION-NONCE-RESPONSE.&id(
                 {AttestationNonceResponseSet}),
    -- identifies the nonce-response syntax for the selected
    --   attestation statement type
    respInfo ATTESTATION-NONCE-RESPONSE.&Type(
                 {AttestationNonceResponseSet}{@type}) OPTIONAL
    -- contains type-specific nonce-response information
}

 NonceRequest ::= SEQUENCE {
    len      INTEGER (8..64) OPTIONAL,
    -- indicates the required length of the requested nonce
    reqTypeInfo NonceRequestTypeInfo OPTIONAL
 }

 NonceResponse ::= SEQUENCE {
    nonce    OCTET STRING (SIZE(0 | 8..64)),
    -- contains the nonce of length len
    -- a zero-length OCTET STRING indicates that no freshness
    --   proof is required
    expiry   INTEGER OPTIONAL,
    -- indicates how long in seconds the nonce issuer considers
    --   the nonce valid
    respTypeInfo NonceResponseTypeInfo OPTIONAL
 }
]]></artwork>
      </section>
      <section anchor="CDDL">
        <name>CDDL Representation</name>
        <t>This section provides a CDDL <xref target="RFC8610"/> definition for the JSON and CBOR nonce
request and nonce response message content. The nonce-request rule applies to
both JSON and CBOR. The nonce-response-json and nonce-response-cbor rules define
the encoding-specific representation of the nonce value. For JSON, the
base64url-nonce rule captures the allowed character set and encoded length; the
decoded nonce length requirements are specified in <xref target="EST-https"/>.</t>
        <sourcecode type="cddl"><![CDATA[
nonce-request = {
  ? "len": nonce-length,
  ? "reqTypeInfo": nonce-request-type-info
}

nonce-request-type-info = {
  "type": dotted-decimal-oid,
  ? "reqInfo": any
}

nonce-response-json = {
    "nonce": json-nonce,
  ? "expiry": uint,
  ? "respTypeInfo": nonce-response-type-info-json
}

nonce-response-type-info-json = {
  "type": dotted-decimal-oid,
  ? "respInfo": any
}

nonce-response-cbor = {
    "nonce": cbor-nonce,
  ? "expiry": uint,
  ? "respTypeInfo": nonce-response-type-info-cbor
}

nonce-response-type-info-cbor = {
  "type": dotted-decimal-oid,
  ? "respInfo": any
}

nonce-length = 8..64
cbor-nonce = h'' / bstr .size (8..64)
json-nonce = "" / base64url-nonce
base64url-nonce = tstr .regexp "[A-Za-z0-9_-]{11,86}"
dotted-decimal-oid = tstr
]]></sourcecode>
      </section>
    </section>
    <section anchor="CMP">
      <name>Use with CMP</name>
      <t>The nonce request and nonce response message content is conveyed as ASN.1 content,
see <xref target="ASN.1"/>, in a general message (<tt>genm</tt>) <xref section="5.3.19" sectionFormat="of" target="RFC9810"/>
and general response (<tt>genp</tt>) <xref section="5.3.20" sectionFormat="of" target="RFC9810"/>, respectively.</t>
      <artwork><![CDATA[
GenMsg:    {id-it TBD1}, NonceRequest
GenRep:    {id-it TBD2}, NonceResponse

id-it-nonceRequest OBJECT IDENTIFIER ::= { id-it TBD1 }
NonceRequestValue ::= NonceRequest

id-it-nonceResponse OBJECT IDENTIFIER ::= { id-it TBD2 }
NonceResponseValue ::= NonceResponse
]]></artwork>
      <t>When CMP is transferred over HTTP, the OPTIONAL <tt>&lt;operation&gt;</tt> path segment
defined in <xref section="3.4" sectionFormat="of" target="RFC9811"/> MAY be used for the nonce request message.</t>
      <table>
        <thead>
          <tr>
            <th align="left">Operation</th>
            <th align="left">Operation path</th>
            <th align="left">Details</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">Get Attestation Freshness Nonce</td>
            <td align="left">
              <tt>getnonce</tt></td>
            <td align="left">
              <xref target="CMP"/></td>
          </tr>
        </tbody>
      </table>
      <t>When CMP is transferred over CoAP, the OPTIONAL <tt>&lt;operation&gt;</tt> path segment
defined in <xref section="2.1" sectionFormat="of" target="RFC9482"/> MAY be used for the nonce request message.</t>
      <table>
        <thead>
          <tr>
            <th align="left">Operation</th>
            <th align="left">Operation path</th>
            <th align="left">Details</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">Get Attestation Freshness Nonce</td>
            <td align="left">
              <tt>nonce</tt></td>
            <td align="left">
              <xref target="CMP"/></td>
          </tr>
        </tbody>
      </table>
      <t>To ensure that the nonce request and response messages are associated with the subsequent
request and response messages used to transmit the CSR, the transaction ID specified in
<xref section="5.1.1" sectionFormat="of" target="RFC9810"/> MUST be used.</t>
      <t>In the event of a possible error or if the RA/CA is unable or unwilling to deliver the
requested nonce, CMP offers several ways to indicate this. Which variant fits depends
on the circumstances.</t>
      <ul spacing="normal">
        <li>
          <t>Respond with an error message containing the <tt>PKIFailureInfo</tt> bit as defined by <xref target="RFC9483"/>.</t>
        </li>
        <li>
          <t>If HTTP or CoAP is used for transferring the general message, return a status code
on transfer level as described in <xref target="RFC9811"/> or <xref target="RFC9482"/>.</t>
        </li>
      </ul>
    </section>
    <section anchor="EST">
      <name>Use with EST</name>
      <t>The nonce request and nonce response message content is conveyed as JSON or CBOR
according to the CDDL definition, see <xref target="CDDL"/>, between end entity (EST client) and
RA/CA (EST server). A compliant EST server MUST provide an EST endpoint with
the path-segment /nonce for this operation.</t>
      <table>
        <thead>
          <tr>
            <th align="left">Operation</th>
            <th align="left">Operation path</th>
            <th align="left">Details</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">Request of a nonce</td>
            <td align="left">
              <tt>/nonce</tt></td>
            <td align="left">
              <xref target="EST"/></td>
          </tr>
        </tbody>
      </table>
      <t>Depending on whether additional parameters are to be transferred, the client
uses either the <tt>GET</tt> or <tt>POST</tt> method:</t>
      <ul spacing="normal">
        <li>
          <t>The <tt>GET</tt> method MUST be used if no optional content is to be transferred</t>
        </li>
        <li>
          <t>The <tt>POST</tt> method MUST be used if nonce request message content encoded in JSON
or CBOR is to be transferred.</t>
        </li>
      </ul>
      <section anchor="EST-https">
        <name>EST over HTTPS</name>
        <t>If the nonce request and nonce response message content is transferred over HTTPS,
the specification in <xref target="RFC7030"/> applies.</t>
        <t>The JSON nonce request object is formally described by the nonce-request CDDL
rule in <xref target="CDDL"/>. The JSON nonce response object is formally described by the
nonce-response-json CDDL rule in <xref target="CDDL"/>.</t>
        <t>The JSON structure has the following members:</t>
        <ul spacing="normal">
          <li>
            <t>The OPTIONAL "len" and "expiry" members, if present, MUST be unsigned
integers.</t>
          </li>
          <li>
            <t>The "nonce" member MUST either contain a zero-length string or the nonce
value between 8 and 64 bytes in length conveyed as a JSON string containing
the unpadded base64url encoding, as specified in <xref section="5" sectionFormat="of" target="RFC4648"/>.
Such encodings are between 11 and 86 characters in length.</t>
          </li>
          <li>
            <t>The OPTIONAL "reqTypeInfo" member (in requests) and "respTypeInfo" member
(in responses) are JSON objects that group the type-specific information.
Each object contains:
            </t>
            <ul spacing="normal">
              <li>
                <t>A "type" member, which MUST be a text string containing the object
identifier as a dotted-decimal OID.</t>
              </li>
              <li>
                <t>An OPTIONAL "reqInfo" or "respInfo" member whose contents are defined
by the OID in the corresponding "type" member.</t>
              </li>
            </ul>
          </li>
        </ul>
        <t>If the nonce request message was successful, the EST server MUST respond with an HTTP 200
status code and the nonce response message content MUST be encoded as a JSON object.
The HTTP 200 status code MUST also be used if the nonce is an empty string.</t>
        <t>In the event of a possible error, the EST server MUST respond with an HTTP
status code 400 (Bad Request) and MUST omit the nonce response message content. If the
nonce request message has been made correctly, but the EST server is unable or unwilling
to deliver the requested nonce, it MUST respond with an HTTP 503 (Service
Unavailable).</t>
        <t>The EST server MAY request HTTP-based client authentication as described in
<xref section="3.2.3" sectionFormat="of" target="RFC7030"/>.</t>
        <t>The following media types MUST be used as the Content-Type of the <tt>POST</tt> request
and the response.</t>
        <table>
          <thead>
            <tr>
              <th align="left">Message type (per operation)</th>
              <th align="left">Media type(s)</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">NonceRequest</td>
              <td align="left">N/A (for GET) or<br/>application/est-attestation-freshness+json (for POST)</td>
              <td align="left">
                <xref target="EST-https"/></td>
            </tr>
            <tr>
              <td align="left">NonceResponse</td>
              <td align="left">application/est-attestation-freshness+json</td>
              <td align="left">
                <xref target="EST-https"/></td>
            </tr>
          </tbody>
        </table>
        <t>The following example shows a nonce request and nonce response message exchange without
transmitting optional parameters in the request:</t>
        <artwork><![CDATA[
GET /.well-known/est/nonce HTTP/1.1

HTTP/1.1 200 OK
Content-Type: application/est-attestation-freshness+json

{
  "nonce": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI",
  "expiry": 600
}
]]></artwork>
        <t>The following example shows a nonce request and nonce response message exchange:</t>
        <artwork><![CDATA[
POST /.well-known/est/nonce HTTP/1.1
Content-Type: application/est-attestation-freshness+json

{
  "len": 32
}

HTTP/1.1 200 OK
Content-Type: application/est-attestation-freshness+json

{
  "nonce": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI",
  "expiry": 600
}
]]></artwork>
        <t>To ensure that the nonce request and response messages are associated with the subsequent
request and response messages used to transmit the CSR, the EST server MUST use a
session-maintenance mechanism that binds the nonce request and response messages to the
subsequent request and response messages used to transmit the CSR. This can be achieved
by using the same (D)TLS session or by using an HTTP state mechanism, such as cookies,
when EST is transferred over HTTP. If the EST server cannot associate the CSR request
with the prior nonce request and response messages, it MUST NOT treat the CSR as
associated with the previously provided nonce.</t>
      </section>
      <section anchor="EST-coaps">
        <name>EST over Secure CoAP</name>
        <t>If the nonce request and nonce response message content is transferred via
secure CoAP, the specification in <xref target="RFC9148"/> applies.</t>
        <t>The CBOR nonce request object is formally described by the nonce-request CDDL
rule in <xref target="CDDL"/>. The CBOR nonce response object is formally described by the
nonce-response-cbor CDDL rule in <xref target="CDDL"/>.</t>
        <t>The CBOR structure has the following members:</t>
        <ul spacing="normal">
          <li>
            <t>All map keys are text strings.</t>
          </li>
          <li>
            <t>The "nonce" member MUST either contain a zero-length octet string or the nonce
value between 8 and 64 bytes in length conveyed as a CBOR byte string.</t>
          </li>
          <li>
            <t>The OPTIONAL "reqTypeInfo" member (in requests) and "respTypeInfo" member
(in responses) are CBOR maps that group the type-specific information.
Each map contains:
            </t>
            <ul spacing="normal">
              <li>
                <t>A "type" member, which is a text string containing the object identifier
in dotted-decimal notation.</t>
              </li>
              <li>
                <t>An OPTIONAL "reqInfo" or "respInfo" member containing type-specific CBOR
values. Their CBOR encoding is defined by the OID in the corresponding
"type" member.</t>
              </li>
            </ul>
          </li>
        </ul>
        <t>If the nonce request was successful, the EST server MUST respond to a GET
request with a code 2.05 and to a POST request with code 2.04 and the
nonce response message content MUST be encoded as a CBOR object.
The code 2.05 or code 2.04 MUST also be used if the nonce is a zero-length
byte string.</t>
        <t>In the event of a possible error, the EST server MUST respond with a code
4.00 (Bad Request) and MUST omit the nonce response message content. If the
nonce request has been made correctly, but the EST server is unable or
unwilling to deliver the requested nonce, it MUST respond with a code 5.03
(Service Unavailable).</t>
        <t>The following media type MUST be used for nonce request and nonce response message
content. The corresponding CoAP Content-Format value is used in the CoAP
Content-Format and Accept options as specified in <xref target="RFC9148"/>.</t>
        <table>
          <thead>
            <tr>
              <th align="left">Message type (per operation)</th>
              <th align="left">Media type</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">NonceRequest<br/>NonceResponse</td>
              <td align="left">application/est-attestation-freshness+cbor</td>
              <td align="left">
                <xref target="EST-coaps"/></td>
            </tr>
          </tbody>
        </table>
        <t>To ensure that the nonce request and response messages are associated with the subsequent
request and response messages used to transmit the CSR, the EST-coaps server MUST use a
session-maintenance mechanism that binds the nonce request and response messages to the
subsequent request and response messages used to transmit the CSR. CoAP does not define
HTTP cookies. This association can be achieved by using the same secure CoAP security
association, such as the same DTLS connection, or by using an integrity-protected CoAP
mechanism that carries server-generated opaque state, such as the Echo option defined in
<xref target="RFC9175"/>. If the EST-coaps server cannot associate the CSR request with the prior
nonce request and response messages, it MUST NOT treat the CSR as associated with the
previously provided nonce.</t>
      </section>
    </section>
    <section anchor="CMC">
      <name>Use with CMC</name>
      <t>The nonce request and nonce response message content is conveyed as ASN.1,
see <xref target="ASN.1"/>, as CMC Controls in a Full PKI Request, see
<xref section="6" sectionFormat="of" target="I-D.ietf-lamps-rfc5272bis"/>. The received nonce can be
used for a CSR to be transferred in a Simple or Full PKI request.</t>
      <t>To transfer the controls, the content type <tt>id-data</tt> SHOULD be used.</t>
      <artwork><![CDATA[
cmc-nonceReq CMC-CONTROL ::=
    { NonceRequest IDENTIFIED BY id-cmc-nonceReq }
id-cmc-nonceReq OBJECT IDENTIFIER ::= { id-cmc TBD4 }

cmc-nonceResp CMC-CONTROL ::=
    { NonceResponse IDENTIFIED BY id-cmc-nonceResp }
id-cmc-nonceResp OBJECT IDENTIFIER ::= { id-cmc TBD5 }
]]></artwork>
      <t>The following example shows the nonce request and nonce response message content:</t>
      <artwork><![CDATA[
ContentInfo.contentType = id-data
ContentInfo.content
   controlSequence
      {101, id-cmc-transactionId, 10132985123483401}
      {102, id-cmc-senderNonce, 10001}
      {103, id-cmc-nonceReq, <NonceRequest>}

ContentInfo.contentType = id-data
ContentInfo.content
   controlSequence
      {101, id-cmc-transactionId, 10132985123483401}
      {102, id-cmc-senderNonce, 10005}
      {103, id-cmc-recipientNonce, 10001}
      {104, id-cmc-nonceResp, <NonceResponse>}
]]></artwork>
      <t>To ensure that the nonce request and response messages are associated with the subsequent
request and response messages used to transmit the CSR, the transaction identifier specified in
<xref section="6.6" sectionFormat="of" target="I-D.ietf-lamps-rfc5272bis"/> MUST be used. The same transaction identifier
MUST be used for the nonce request and response messages and for the subsequent request and
response messages used to transmit the CSR. The senderNonce and recipientNonce controls
specified in <xref section="6.6" sectionFormat="of" target="I-D.ietf-lamps-rfc5272bis"/> can be used to pair each CMC
request with its corresponding response, but they do not replace the transaction identifier
used to associate the nonce exchange with the subsequent CSR exchange.</t>
      <t>In the event of an error, or if the server is unable to provide the requested nonce,
the CMC Server MAY return status information about the request using either an
Extended CMC Status Info Control or a CMC Status Info Control, as defined in
<xref section="6.1" sectionFormat="of" target="I-D.ietf-lamps-rfc5272bis"/>.</t>
    </section>
    <section anchor="iana">
      <name>IANA Considerations</name>
      <section anchor="cmp">
        <name>CMP</name>
        <section anchor="well-known-uri-path-segment">
          <name>Well-Known URI Path Segment</name>
          <t>IANA is requested to add the following entry to the "CMP Well-Known URI Path
Segments" registry defined in <xref target="RFC8615"/>:</t>
          <table>
            <thead>
              <tr>
                <th align="left">Path Segment</th>
                <th align="left">Description</th>
                <th align="left">Reference</th>
              </tr>
            </thead>
            <tbody>
              <tr>
                <td align="left">
                  <tt>getnonce</tt></td>
                <td align="left">Get Attestation Freshness Nonce over HTTP</td>
                <td align="left">This-RFC</td>
              </tr>
              <tr>
                <td align="left">
                  <tt>nonce</tt></td>
                <td align="left">Get Attestation Freshness Nonce over CoAP</td>
                <td align="left">This-RFC</td>
              </tr>
            </tbody>
          </table>
        </section>
        <section anchor="information-type">
          <name>Information Type</name>
          <t>IANA is requested to register the following object identifier in the
"SMI Security for PKIX CMP Information Types" registry
(1.3.6.1.5.5.7.4):</t>
          <table>
            <thead>
              <tr>
                <th align="left">Decimal</th>
                <th align="left">Description</th>
                <th align="left">Reference</th>
              </tr>
            </thead>
            <tbody>
              <tr>
                <td align="left">TBD1</td>
                <td align="left">id-it-nonceRequest</td>
                <td align="left">This-RFC</td>
              </tr>
              <tr>
                <td align="left">TBD2</td>
                <td align="left">id-it-nonceResponse</td>
                <td align="left">This-RFC</td>
              </tr>
            </tbody>
          </table>
        </section>
      </section>
      <section anchor="est">
        <name>EST</name>
        <t>IANA is requested to register the following media types in the "Media Types"
registry <xref target="RFC6838"/>:</t>
        <section anchor="json-media-type">
          <name>JSON Media Type</name>
          <dl>
            <dt>Type name:</dt>
            <dd>
              <t>application</t>
            </dd>
            <dt>Subtype name:</dt>
            <dd>
              <t>est-attestation-freshness+json</t>
            </dd>
            <dt>Required parameters:</dt>
            <dd>
              <t>N/A</t>
            </dd>
            <dt>Optional parameters:</dt>
            <dd>
              <t>N/A</t>
            </dd>
            <dt>Encoding considerations:</dt>
            <dd>
              <t>binary</t>
            </dd>
            <dt>Security considerations:</dt>
            <dd>
              <t>See <xref target="sec-cons"/> of this RFC.</t>
            </dd>
            <dt>Interoperability considerations:</dt>
            <dd>
              <t>The same media type is used for EST attestation freshness nonce requests and
nonce responses. The protocol context determines whether the JSON payload is a
request or response.</t>
            </dd>
            <dt>Published specification:</dt>
            <dd>
              <t>This RFC.</t>
            </dd>
            <dt>Applications that use this media type:</dt>
            <dd>
              <t>EST implementations using attestation freshness nonces over HTTP.</t>
            </dd>
            <dt>Fragment identifier considerations:</dt>
            <dd>
              <t>The syntax and semantics of fragment identifiers are as specified for
"application/json". At publication of this specification, no fragment
identification syntax is defined for "application/json".</t>
            </dd>
            <dt>Additional information:</dt>
            <dd>
              <t>Deprecated alias names for this type: N/A</t>
            </dd>
            <dt/>
            <dd>
              <t>Magic number(s): N/A</t>
            </dd>
            <dt/>
            <dd>
              <t>File extension(s): N/A</t>
            </dd>
            <dt/>
            <dd>
              <t>Macintosh file type code(s): N/A</t>
            </dd>
            <dt>Person &amp; email address to contact for further information:</dt>
            <dd>
              <t>IETF LAMPS Working Group (spasm@ietf.org)</t>
            </dd>
            <dt>Intended usage:</dt>
            <dd>
              <t>COMMON</t>
            </dd>
            <dt>Restrictions on usage:</dt>
            <dd>
              <t>N/A</t>
            </dd>
            <dt>Author:</dt>
            <dd>
              <t>IETF LAMPS Working Group</t>
            </dd>
            <dt>Change controller:</dt>
            <dd>
              <t>IETF</t>
            </dd>
          </dl>
        </section>
        <section anchor="cbor-media-type">
          <name>CBOR Media Type</name>
          <dl>
            <dt>Type name:</dt>
            <dd>
              <t>application</t>
            </dd>
            <dt>Subtype name:</dt>
            <dd>
              <t>est-attestation-freshness+cbor</t>
            </dd>
            <dt>Required parameters:</dt>
            <dd>
              <t>N/A</t>
            </dd>
            <dt>Optional parameters:</dt>
            <dd>
              <t>N/A</t>
            </dd>
            <dt>Encoding considerations:</dt>
            <dd>
              <t>binary</t>
            </dd>
            <dt>Security considerations:</dt>
            <dd>
              <t>See <xref target="sec-cons"/> of this RFC.</t>
            </dd>
            <dt>Interoperability considerations:</dt>
            <dd>
              <t>The same media type is used for EST attestation freshness nonce requests and
nonce responses. The protocol context determines whether the CBOR payload is a
request or response.</t>
            </dd>
            <dt>Published specification:</dt>
            <dd>
              <t>This RFC.</t>
            </dd>
            <dt>Applications that use this media type:</dt>
            <dd>
              <t>EST implementations using attestation freshness nonces over CoAP.</t>
            </dd>
            <dt>Fragment identifier considerations:</dt>
            <dd>
              <t>The syntax and semantics of fragment identifiers are as specified for
"application/cbor". At publication of this specification, no fragment
identification syntax is defined for "application/cbor".</t>
            </dd>
            <dt>Additional information:</dt>
            <dd>
              <t>Deprecated alias names for this type: N/A</t>
            </dd>
            <dt/>
            <dd>
              <t>Magic number(s): N/A</t>
            </dd>
            <dt/>
            <dd>
              <t>File extension(s): N/A</t>
            </dd>
            <dt/>
            <dd>
              <t>Macintosh file type code(s): N/A</t>
            </dd>
            <dt>Person &amp; email address to contact for further information:</dt>
            <dd>
              <t>IETF LAMPS Working Group (spasm@ietf.org)</t>
            </dd>
            <dt>Intended usage:</dt>
            <dd>
              <t>COMMON</t>
            </dd>
            <dt>Restrictions on usage:</dt>
            <dd>
              <t>N/A</t>
            </dd>
            <dt>Author:</dt>
            <dd>
              <t>IETF LAMPS Working Group</t>
            </dd>
            <dt>Change controller:</dt>
            <dd>
              <t>IETF</t>
            </dd>
          </dl>
        </section>
        <section anchor="coap-content-format">
          <name>CoAP Content-Format</name>
          <t>IANA is requested to register the following Content-Format in the "CoAP
Content-Formats" subregistry within the "CoRE Parameters" registry
<xref target="RFC7252"/>. This registration uses the IETF Review or IESG Approval range
defined for that registry.</t>
          <table>
            <thead>
              <tr>
                <th align="left">Media Type</th>
                <th align="left">ID</th>
                <th align="left">Reference</th>
              </tr>
            </thead>
            <tbody>
              <tr>
                <td align="left">application/est-attestation-freshness+cbor</td>
                <td align="left">TBD3</td>
                <td align="left">This-RFC</td>
              </tr>
            </tbody>
          </table>
        </section>
      </section>
      <section anchor="cmc">
        <name>CMC</name>
        <section anchor="control">
          <name>Control</name>
          <t>IANA is requested to register the following object identifier in the
"SMI Security for PKIX CMC Controls" registry (1.3.6.1.5.5.7.7):</t>
          <table>
            <thead>
              <tr>
                <th align="left">Decimal</th>
                <th align="left">Description</th>
                <th align="left">Reference</th>
              </tr>
            </thead>
            <tbody>
              <tr>
                <td align="left">TBD4</td>
                <td align="left">
                  <tt>id-cmc-nonceReq</tt></td>
                <td align="left">This-RFC</td>
              </tr>
              <tr>
                <td align="left">TBD5</td>
                <td align="left">
                  <tt>id-cmc-nonceResp</tt></td>
                <td align="left">This-RFC</td>
              </tr>
            </tbody>
          </table>
        </section>
      </section>
      <section anchor="asn1-module">
        <name>ASN.1 Module</name>
        <t>IANA is requested to register the following ASN.1 <xref target="X.680"/> module OID in the
"SMI Security for PKIX Module Identifier" registry (1.3.6.1.5.5.7.0). This
OID is defined in <xref target="asn1"/>.</t>
        <table>
          <thead>
            <tr>
              <th align="left">Decimal</th>
              <th align="left">Description</th>
              <th align="left">References</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">TBDMOD</td>
              <td align="left">
                <tt>id-mod-att-fresh-req</tt></td>
              <td align="left">This-RFC</td>
            </tr>
          </tbody>
        </table>
      </section>
    </section>
    <section anchor="operations">
      <name>Operational Considerations</name>
      <t>When the RA/CA is requested to provide a nonce to an end entity, it
can generate the nonce locally or obtain it through an interaction
with the Verifier. According to the IETF RATS architecture <xref target="RFC9334"/>,
the Verifier is responsible for validating Evidence about an Attester
and generating Attestation Results for use by a Relying Party.</t>
      <t>The nonce value MUST contain a random byte sequence with at least 64 bits
of entropy. The RA/CA MUST ensure that a nonce it generates is unique and
MUST NOT be reused. If the RA/CA obtains a nonce from the Verifier, it
MUST ensure that the Verifier utilizes the same policy for uniqueness and
non-reuse properties. The length of the nonce depends on the remote
attestation technology in use, as specific nonce
lengths may be required by the end entity. This specification assumes
that the RA/CA possesses knowledge, either out-of-band or through the
len field in the nonce request message, regarding the required nonce length for
the attestation technology. Nonces of incorrect length may cause the
remote attestation protocol to fail.</t>
      <t>For instance, the PSA attestation token <xref target="RFC9783"/>
supports nonce lengths of 32, 48, and 64 bytes. Other attestation
technologies employ nonces of similar lengths.</t>
      <t>The end entity MUST use the received nonce if the remote attestation
technology used supports the requested length. If the selected attestation
statement type defines a deterministic nonce transformation for use by a
specific Attester or sub-Attester, the end entity MUST apply only that
transformation and only for the purpose defined by that specification.</t>
      <t>If attestation-type-specific response information is returned with the
nonce, the end entity MUST process that information according to the
selected type when invoking the attestation technology. Such information
MAY include parameters or metadata needed to apply, identify, or validate
a deterministic nonce transformation defined by the attestation statement
type.</t>
      <t>While this specification does not address the semantics of the attestation API
or the underlying software/hardware architecture, the API returns Evidence from
the Attester in a format specific to the attestation technology used and
identified by the <tt>AttestationStatement</tt> type. The returned Evidence is encapsulated
in the <tt>AttestationStatement</tt> within the <tt>AttestationBundle</tt> carried in the CSR, as
defined in <xref target="I-D.ietf-lamps-csr-attestation"/>. The software generating the CSR
treats the attestation statement payload as an opaque blob and does not
interpret its format. It is crucial to note that the nonce is included in the
Evidence, either implicitly or explicitly, and MUST NOT be conveyed in CSR
structures outside of the attestation payload.</t>
      <t>The freshness established by the nonce applies to the Evidence as
bound to the nonce used by the attestation technology. This
specification does not assign independent freshness semantics to other claims
contained in the Evidence. The interpretation of any other claim, including
whether it represents current state, historical state, configuration state, or
measurement results, is defined by the attestation technology, the appraisal
policy, and the Verifier or Relying Party processing rules.</t>
      <t>Using nonces causes the Relying Party to create state for outstanding
freshness challenges. This state increases the attack surface for denial-of-service
attacks, for example by causing the Relying Party to allocate memory for many
nonce requests that never result in corresponding Evidence. Relying Parties
SHOULD reduce this exposure by limiting nonce lifetimes, bounding the number of
outstanding nonces, applying rate limits, associating nonce state with an
authenticated or otherwise constrained requester where possible, and promptly
discarding expired state. The use of a stateless cookie mechanism to reduce this
state-management burden is also possible but not further detailed in this
specification.</t>
    </section>
    <section anchor="sec-cons">
      <name>Security Considerations</name>
      <t>This specification details the process of obtaining a nonce via CMP, EST,
and CMC. Therefore, the security considerations of these protocols apply. Regarding
the use of attestation statements in a CSR, the security considerations
outlined in <xref target="I-D.ietf-lamps-csr-attestation"/> are pertinent to this
specification.</t>
      <t>The nonce itself does not generally require confidentiality
protection while maintaining the security properties of the remote
attestation protocol. However, optional attestation-type-specific
request or response information conveyed together with the nonce MAY
reveal privacy-sensitive or deployment-sensitive information, such as
platform topology, certificate identifiers, or measurement selections.
<xref target="RFC9334"/> defines the IETF remote attestation architecture and
extensively discusses nonce-based freshness.</t>
      <t>Specific attestation technology specifications such as <xref target="RFC9711"/> and
<xref target="RFC9783"/> offer guidance on replay protection using nonces. This
document defers specific recommendations to those specifications.</t>
      <t>If an attestation technology or Composite Attester profile transforms a
received nonce before embedding it in Evidence, that transformation MUST
be deterministic, MUST preserve at least the minimum entropy required by
the attestation technology, and MUST provide the Verifier with enough
information to reconstruct or validate the transformed value when needed.
Specifications defining such transformations SHOULD use well-analyzed
cryptographic mechanisms for nonce expansion or size adjustment to ensure
that the resulting entropy and security properties remain acceptable.</t>
      <t>If attestation-type-specific nonce exchange information is used, the
corresponding specification MUST define the syntax and semantics of that
information, including any confidentiality requirements. Implementations
SHOULD minimize the amount of such information returned by the RA/CA and
SHOULD protect it using the message or transport security mechanisms of
the enrollment protocol when confidentiality is required by deployment
policy or by the attestation technology specification.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="I-D.ietf-lamps-csr-attestation">
          <front>
            <title>Use of Remote Attestation with Certification Signing Requests</title>
            <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth">
              <organization>Cryptic Forest Software</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>Siemens</organization>
            </author>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Monty Wiseman" initials="M." surname="Wiseman">
              <organization>Independent</organization>
            </author>
            <author fullname="Ned Smith" initials="N." surname="Smith">
         </author>
            <date day="16" month="June" year="2026"/>
            <abstract>
              <t>   Certification Authorities (CAs) issuing certificates to Public Key
   Infrastructure (PKI) end entities may require a certificate signing
   request (CSR) to include additional verifiable information to confirm
   policy compliance.  For example, a CA may require an end entity to
   demonstrate that the private key corresponding to a CSR's public key
   is secured by a hardware security module (HSM), is not exportable,
   etc.  The process of generating, transmitting, and verifying
   additional information required by the CA is called remote
   attestation.  While work is currently underway to standardize various
   aspects of remote attestation, a variety of proprietary mechanisms
   have been in use for years, particularly regarding protection of
   private keys.

   This specification defines ASN.1 structures which may carry
   attestation data for PKCS#10 and Certificate Request Message Format
   (CRMF) messages.  Both standardized and proprietary attestation
   formats are supported by this specification.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-csr-attestation-28"/>
        </reference>
        <reference anchor="I-D.ietf-lamps-rfc5272bis">
          <front>
            <title>Certificate Management over CMS (CMC)</title>
            <author fullname="Joe Mandel" initials="J." surname="Mandel">
              <organization>AKAYLA, Inc.</organization>
            </author>
            <author fullname="Sean Turner" initials="S." surname="Turner">
              <organization>sn3rd</organization>
            </author>
            <date day="26" month="February" year="2026"/>
            <abstract>
              <t>   This document defines the base syntax for CMC, a Certificate
   Management protocol using the Cryptographic Message Syntax (CMS).
   This protocol addresses two immediate needs within the Internet
   Public Key Infrastructure (PKI) community:

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-rfc5272bis-11"/>
        </reference>
        <reference anchor="RFC9810">
          <front>
            <title>Internet X.509 Public Key Infrastructure -- Certificate Management Protocol (CMP)</title>
            <author fullname="H. Brockhaus" initials="H." surname="Brockhaus"/>
            <author fullname="D. von Oheimb" initials="D." surname="von Oheimb"/>
            <author fullname="M. Ounsworth" initials="M." surname="Ounsworth"/>
            <author fullname="J. Gray" initials="J." surname="Gray"/>
            <date month="July" year="2025"/>
            <abstract>
              <t>This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocol (CMP). Protocol messages are defined for X.509v3 certificate creation and management. CMP provides interactions between client systems and PKI components such as a Registration Authority (RA) and a Certification Authority (CA).</t>
              <t>This document adds support for management of certificates containing a Key Encapsulation Mechanism (KEM) public key and uses EnvelopedData instead of EncryptedValue. This document also includes the updates specified in Section 2 and Appendix A.2 of RFC 9480.</t>
              <t>This document obsoletes RFC 4210, and together with RFC 9811, it also obsoletes RFC 9480. Appendix F of this document updates Section 9 of RFC 5912.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9810"/>
          <seriesInfo name="DOI" value="10.17487/RFC9810"/>
        </reference>
        <reference anchor="RFC7030">
          <front>
            <title>Enrollment over Secure Transport</title>
            <author fullname="M. Pritikin" initials="M." role="editor" surname="Pritikin"/>
            <author fullname="P. Yee" initials="P." role="editor" surname="Yee"/>
            <author fullname="D. Harkins" initials="D." role="editor" surname="Harkins"/>
            <date month="October" year="2013"/>
            <abstract>
              <t>This document profiles certificate enrollment for clients using Certificate Management over CMS (CMC) messages over a secure transport. This profile, called Enrollment over Secure Transport (EST), describes a simple, yet functional, certificate management protocol targeting Public Key Infrastructure (PKI) clients that need to acquire client certificates and associated Certification Authority (CA) certificates. It also supports client-generated public/private key pairs as well as key pairs generated by the CA.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7030"/>
          <seriesInfo name="DOI" value="10.17487/RFC7030"/>
        </reference>
        <reference anchor="RFC7252">
          <front>
            <title>The Constrained Application Protocol (CoAP)</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation.</t>
              <t>CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7252"/>
          <seriesInfo name="DOI" value="10.17487/RFC7252"/>
        </reference>
        <reference anchor="RFC9148">
          <front>
            <title>EST-coaps: Enrollment over Secure Transport with the Secure Constrained Application Protocol</title>
            <author fullname="P. van der Stok" initials="P." surname="van der Stok"/>
            <author fullname="P. Kampanakis" initials="P." surname="Kampanakis"/>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="S. Raza" initials="S." surname="Raza"/>
            <date month="April" year="2022"/>
            <abstract>
              <t>Enrollment over Secure Transport (EST) is used as a certificate provisioning protocol over HTTPS. Low-resource devices often use the lightweight Constrained Application Protocol (CoAP) for message exchanges. This document defines how to transport EST payloads over secure CoAP (EST-coaps), which allows constrained devices to use existing EST functionality for provisioning certificates.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9148"/>
          <seriesInfo name="DOI" value="10.17487/RFC9148"/>
        </reference>
        <reference anchor="RFC9175">
          <front>
            <title>Constrained Application Protocol (CoAP): Echo, Request-Tag, and Token Processing</title>
            <author fullname="C. Amsüss" initials="C." surname="Amsüss"/>
            <author fullname="J. Preuß Mattsson" initials="J." surname="Preuß Mattsson"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <date month="February" year="2022"/>
            <abstract>
              <t>This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases. The Echo option enables a CoAP server to verify the freshness of a request or to force a client to demonstrate reachability at its claimed network address. The Request-Tag option allows the CoAP server to match block-wise message fragments belonging to the same request. This document updates RFC 7252 with respect to the following: processing requirements for client Tokens, forbidding non-secure reuse of Tokens to ensure response-to-request binding when CoAP is used with a security protocol, and amplification mitigation (where the use of the Echo option is now recommended).</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9175"/>
          <seriesInfo name="DOI" value="10.17487/RFC9175"/>
        </reference>
        <reference anchor="RFC8615">
          <front>
            <title>Well-Known Uniform Resource Identifiers (URIs)</title>
            <author fullname="M. Nottingham" initials="M." surname="Nottingham"/>
            <date month="May" year="2019"/>
            <abstract>
              <t>This memo defines a path prefix for "well-known locations", "/.well-known/", in selected Uniform Resource Identifier (URI) schemes.</t>
              <t>In doing so, it obsoletes RFC 5785 and updates the URI schemes defined in RFC 7230 to reserve that space. It also updates RFC 7595 to track URI schemes that support well-known URIs in their registry.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8615"/>
          <seriesInfo name="DOI" value="10.17487/RFC8615"/>
        </reference>
        <reference anchor="RFC8610">
          <front>
            <title>Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="C. Vigano" initials="C." surname="Vigano"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2019"/>
            <abstract>
              <t>This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8610"/>
          <seriesInfo name="DOI" value="10.17487/RFC8610"/>
        </reference>
        <reference anchor="RFC8259">
          <front>
            <title>The JavaScript Object Notation (JSON) Data Interchange Format</title>
            <author fullname="T. Bray" initials="T." role="editor" surname="Bray"/>
            <date month="December" year="2017"/>
            <abstract>
              <t>JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data.</t>
              <t>This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="90"/>
          <seriesInfo name="RFC" value="8259"/>
          <seriesInfo name="DOI" value="10.17487/RFC8259"/>
        </reference>
        <reference anchor="RFC4648">
          <front>
            <title>The Base16, Base32, and Base64 Data Encodings</title>
            <author fullname="S. Josefsson" initials="S." surname="Josefsson"/>
            <date month="October" year="2006"/>
            <abstract>
              <t>This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet characters in encoded data, use of different encoding alphabets, and canonical encodings. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4648"/>
          <seriesInfo name="DOI" value="10.17487/RFC4648"/>
        </reference>
        <reference anchor="RFC6838">
          <front>
            <title>Media Type Specifications and Registration Procedures</title>
            <author fullname="N. Freed" initials="N." surname="Freed"/>
            <author fullname="J. Klensin" initials="J." surname="Klensin"/>
            <author fullname="T. Hansen" initials="T." surname="Hansen"/>
            <date month="January" year="2013"/>
            <abstract>
              <t>This document defines procedures for the specification and registration of media types for use in HTTP, MIME, and other Internet protocols. This memo documents an Internet Best Current Practice.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="13"/>
          <seriesInfo name="RFC" value="6838"/>
          <seriesInfo name="DOI" value="10.17487/RFC6838"/>
        </reference>
        <reference anchor="RFC8949">
          <front>
            <title>Concise Binary Object Representation (CBOR)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <date month="December" year="2020"/>
            <abstract>
              <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
              <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="94"/>
          <seriesInfo name="RFC" value="8949"/>
          <seriesInfo name="DOI" value="10.17487/RFC8949"/>
        </reference>
        <reference anchor="RFC9482">
          <front>
            <title>Constrained Application Protocol (CoAP) Transfer for the Certificate Management Protocol</title>
            <author fullname="M. Sahni" initials="M." role="editor" surname="Sahni"/>
            <author fullname="S. Tripathi" initials="S." role="editor" surname="Tripathi"/>
            <date month="November" year="2023"/>
            <abstract>
              <t>This document specifies the use of the Constrained Application Protocol (CoAP) as a transfer mechanism for the Certificate Management Protocol (CMP). CMP defines the interaction between various PKI entities for the purpose of certificate creation and management. CoAP is an HTTP-like client-server protocol used by various constrained devices in the Internet of Things space.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9482"/>
          <seriesInfo name="DOI" value="10.17487/RFC9482"/>
        </reference>
        <reference anchor="RFC9811">
          <front>
            <title>Internet X.509 Public Key Infrastructure -- HTTP Transfer for the Certificate Management Protocol (CMP)</title>
            <author fullname="H. Brockhaus" initials="H." surname="Brockhaus"/>
            <author fullname="D. von Oheimb" initials="D." surname="von Oheimb"/>
            <author fullname="M. Ounsworth" initials="M." surname="Ounsworth"/>
            <author fullname="J. Gray" initials="J." surname="Gray"/>
            <date month="July" year="2025"/>
            <abstract>
              <t>This document describes how to layer the Certificate Management Protocol (CMP) over HTTP.</t>
              <t>It includes the updates to RFC 6712 specified in Section 3 of RFC 9480; these updates introduce CMP URIs using a well-known prefix. It obsoletes RFC 6712; and, together with RFC 9810, it also obsoletes RFC 9480.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9811"/>
          <seriesInfo name="DOI" value="10.17487/RFC9811"/>
        </reference>
        <reference anchor="X.680" target="https://www.itu.int/rec/T-REC.X.680">
          <front>
            <title>Information Technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation</title>
            <author>
              <organization>ITU-T</organization>
            </author>
            <date year="2021" month="February"/>
          </front>
          <seriesInfo name="ITU-T Recommendation X.680" value=""/>
        </reference>
        <reference anchor="X.690" target="https://www.itu.int/rec/T-REC.X.690">
          <front>
            <title>Information Technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)</title>
            <author>
              <organization>ITU-T</organization>
            </author>
            <date year="2021" month="February"/>
          </front>
          <seriesInfo name="ITU-T Recommendation X.690" value=""/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="I-D.ietf-rats-msg-wrap">
          <front>
            <title>RATS Conceptual Messages Wrapper (CMW)</title>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Ned Smith" initials="N." surname="Smith">
              <organization>Independent</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>University of Applied Sciences Bonn-Rhein-Sieg</organization>
            </author>
            <author fullname="Dionna Glaze" initials="D." surname="Glaze">
              <organization>Google LLC</organization>
            </author>
            <date day="11" month="December" year="2025"/>
            <abstract>
              <t>   The Conceptual Messages introduced by the RATS architecture (RFC
   9334) are protocol-agnostic data units that are conveyed between RATS
   roles during remote attestation procedures.  Conceptual Messages
   describe the meaning and function of such data units within RATS data
   flows without specifying a wire format, encoding, transport
   mechanism, or processing details.  The initial set of Conceptual
   Messages is defined in Section 8 of RFC 9334 and includes Evidence,
   Attestation Results, Endorsements, Reference Values, and Appraisal
   Policies.

   This document introduces the Conceptual Message Wrapper (CMW) that
   provides a common structure to encapsulate these messages.  It
   defines a dedicated CBOR tag, corresponding JSON Web Token (JWT) and
   CBOR Web Token (CWT) claims, and an X.509 extension.

   This allows CMWs to be used in CBOR-based protocols, web APIs using
   JWTs and CWTs, and PKIX artifacts like X.509 certificates.
   Additionally, the draft defines a media type and a CoAP content
   format to transport CMWs over protocols like HTTP, MIME, and CoAP.

   The goal is to improve the interoperability and flexibility of remote
   attestation protocols.  Introducing a shared message format such as
   CMW enables consistent support for different attestation message
   types, evolving message serialization formats without breaking
   compatibility, and avoiding the need to redefine how messages are
   handled within each protocol.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-msg-wrap-23"/>
        </reference>
        <reference anchor="I-D.richardson-rats-composite-attesters">
          <front>
            <title>Taxonomy of Composite Attesters</title>
            <author fullname="Michael Richardson" initials="M." surname="Richardson">
              <organization>Sandelman Software Works</organization>
            </author>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Yogesh Deshpande" initials="Y." surname="Deshpande">
              <organization>Arm</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document clarifies and extends the meaning of Composite Attester
   from RFC9334.  A system of annotated diagram components is defined as
   a small language to explain the different ways that components can
   interact to form composites.  These diagram components are then used
   to define a few popular classes of composites.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-richardson-rats-composite-attesters-04"/>
        </reference>
        <reference anchor="I-D.ietf-rats-reference-interaction-models">
          <front>
            <title>Reference Interaction Models for Remote Attestation Procedures</title>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Michael Eckel" initials="M." surname="Eckel">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Wei Pan" initials="W." surname="Pan">
              <organization>Huawei Technologies</organization>
            </author>
            <author fullname="Eric Voit" initials="E." surname="Voit">
              <organization>Cisco Systems</organization>
            </author>
            <date day="2" month="April" year="2026"/>
            <abstract>
              <t>   This document describes interaction models for remote attestation
   procedures (RATS) [RFC9334].  Three conveying mechanisms --
   Challenge/Response, Uni-Directional, and Streaming Remote Attestation
   -- are illustrated and defined.  Analogously, a general overview
   about the information elements typically used by corresponding
   conveyance protocols are highlighted.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-reference-interaction-models-17"/>
        </reference>
        <reference anchor="RFC2986">
          <front>
            <title>PKCS #10: Certification Request Syntax Specification Version 1.7</title>
            <author fullname="M. Nystrom" initials="M." surname="Nystrom"/>
            <author fullname="B. Kaliski" initials="B." surname="Kaliski"/>
            <date month="November" year="2000"/>
            <abstract>
              <t>This memo represents a republication of PKCS #10 v1.7 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this document, except for the security considerations section, is taken directly from the PKCS #9 v2.0 or the PKCS #10 v1.7 document. This memo provides information for the Internet community.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="2986"/>
          <seriesInfo name="DOI" value="10.17487/RFC2986"/>
        </reference>
        <reference anchor="RFC4211">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="September" year="2005"/>
            <abstract>
              <t>This document describes the Certificate Request Message Format (CRMF) syntax and semantics. This syntax is used to convey a request for a certificate to a Certification Authority (CA), possibly via a Registration Authority (RA), for the purposes of X.509 certificate production. The request will typically include a public key and the associated registration information. This document does not define a certificate request protocol. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4211"/>
          <seriesInfo name="DOI" value="10.17487/RFC4211"/>
        </reference>
        <reference anchor="RFC9334">
          <front>
            <title>Remote ATtestation procedureS (RATS) Architecture</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="N. Smith" initials="N." surname="Smith"/>
            <author fullname="W. Pan" initials="W." surname="Pan"/>
            <date month="January" year="2023"/>
            <abstract>
              <t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9334"/>
          <seriesInfo name="DOI" value="10.17487/RFC9334"/>
        </reference>
        <reference anchor="RFC9483">
          <front>
            <title>Lightweight Certificate Management Protocol (CMP) Profile</title>
            <author fullname="H. Brockhaus" initials="H." surname="Brockhaus"/>
            <author fullname="D. von Oheimb" initials="D." surname="von Oheimb"/>
            <author fullname="S. Fries" initials="S." surname="Fries"/>
            <date month="November" year="2023"/>
            <abstract>
              <t>This document aims at simple, interoperable, and automated PKI management operations covering typical use cases of industrial and Internet of Things (IoT) scenarios. This is achieved by profiling the Certificate Management Protocol (CMP), the related Certificate Request Message Format (CRMF), and transfer based on HTTP or Constrained Application Protocol (CoAP) in a succinct but sufficiently detailed and self-contained way. To make secure certificate management for simple scenarios and constrained devices as lightweight as possible, only the most crucial types of operations and options are specified as mandatory. More specialized or complex use cases are supported with optional features.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9483"/>
          <seriesInfo name="DOI" value="10.17487/RFC9483"/>
        </reference>
        <reference anchor="RFC9684">
          <front>
            <title>A YANG Data Model for Challenge-Response-Based Remote Attestation (CHARRA) Procedures Using Trusted Platform Modules (TPMs)</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="M. Eckel" initials="M." surname="Eckel"/>
            <author fullname="S. Bhandari" initials="S." surname="Bhandari"/>
            <author fullname="E. Voit" initials="E." surname="Voit"/>
            <author fullname="B. Sulzen" initials="B." surname="Sulzen"/>
            <author fullname="L. Xia" initials="L." surname="Xia"/>
            <author fullname="T. Laffey" initials="T." surname="Laffey"/>
            <author fullname="G. C. Fedorkow" initials="G. C." surname="Fedorkow"/>
            <date month="December" year="2024"/>
            <abstract>
              <t>This document defines the YANG Remote Procedure Calls (RPCs) and configuration nodes that are required to retrieve attestation evidence about integrity measurements from a device, following the operational context defined in RFC 9683 "TPM-based Network Device Remote Integrity Verification". Complementary measurement logs originating from one or more Roots of Trust for Measurement (RTMs) are also provided by the YANG RPCs. The defined module requires the inclusion of the following in the device components of the composite device on which the YANG server is running: at least one Trusted Platform Module (TPM) of either version 1.2 or 2.0 as well as a corresponding TPM Software Stack (TSS), or an equivalent hardware implementation that includes the protected capabilities as provided by TPMs as well as a corresponding software stack.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9684"/>
          <seriesInfo name="DOI" value="10.17487/RFC9684"/>
        </reference>
        <reference anchor="RFC9783">
          <front>
            <title>Arm's Platform Security Architecture (PSA) Attestation Token</title>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="S. Frost" initials="S." surname="Frost"/>
            <author fullname="M. Brossard" initials="M." surname="Brossard"/>
            <author fullname="A. Shaw" initials="A." surname="Shaw"/>
            <author fullname="T. Fossati" initials="T." surname="Fossati"/>
            <date month="June" year="2025"/>
            <abstract>
              <t>Arm's Platform Security Architecture (PSA) is a family of hardware and firmware security specifications, along with open-source reference implementations, aimed at helping device makers and chip manufacturers integrate best-practice security into their products. Devices that comply with PSA can generate attestation tokens as described in this document, which serve as the foundation for various protocols, including secure provisioning and network access control. This document specifies the structure and semantics of the PSA attestation token.</t>
              <t>The PSA attestation token is a profile of the Entity Attestation Token (EAT). This specification describes the claims used in an attestation token generated by PSA-compliant systems, how these claims are serialized for transmission, and how they are cryptographically protected.</t>
              <t>This Informational document is published as an Independent Submission to improve interoperability with Arm's architecture. It is not a standard nor a product of the IETF.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9783"/>
          <seriesInfo name="DOI" value="10.17487/RFC9783"/>
        </reference>
        <reference anchor="RFC9711">
          <front>
            <title>The Entity Attestation Token (EAT)</title>
            <author fullname="L. Lundblade" initials="L." surname="Lundblade"/>
            <author fullname="G. Mandyam" initials="G." surname="Mandyam"/>
            <author fullname="J. O'Donoghue" initials="J." surname="O'Donoghue"/>
            <author fullname="C. Wallace" initials="C." surname="Wallace"/>
            <date month="April" year="2025"/>
            <abstract>
              <t>An Entity Attestation Token (EAT) provides an attested claims set that describes the state and characteristics of an entity, a device such as a smartphone, an Internet of Things (IoT) device, network equipment, or such. This claims set is used by a relying party, server, or service to determine the type and degree of trust placed in the entity.</t>
              <t>An EAT is either a CBOR Web Token (CWT) or a JSON Web Token (JWT) with attestation-oriented claims.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9711"/>
          <seriesInfo name="DOI" value="10.17487/RFC9711"/>
        </reference>
      </references>
    </references>
    <?line 1005?>

<section anchor="appx-tpm-pcr-example">
      <name>Example: TPM 2.0 PCR Selection for <tt>reqInfo</tt> and <tt>respInfo</tt></name>
      <t>This appendix provides an informative example showing how <tt>reqInfo</tt> and
<tt>respInfo</tt> can be used with a TPM 2.0-based attestation procedure such as the
challenge-response exchange described in <xref section="2.1.1.3.2" sectionFormat="of" target="RFC9684"/>.</t>
      <t>In this example, the end entity wants to obtain a nonce for use with a TPM 2.0
attestation statement. The end entity first requests a nonce from the
Relying Party or Verifier. The <tt>reqInfo</tt> field can carry optional information
from the Attester side that helps the Verifier prepare the TPM 2.0 challenge,
such as which Attestation Key certificates are available.</t>
      <t>The resulting <tt>NonceResponse</tt> corresponds to the TPM 2.0 challenge parameters
from <xref target="RFC9684"/>, with one exception: the <tt>nonce-value</tt> from the RFC 9684
challenge is conveyed in this document's top-level <tt>nonce</tt> field rather than
inside <tt>respInfo</tt>. The remaining challenge parameters, such as the selected PCR
bank, PCR indices, and the selected Attestation Key certificate, are conveyed
in <tt>respInfo</tt>.</t>
      <t>The exact syntax of <tt>reqInfo</tt> and <tt>respInfo</tt> is defined by the nonce-exchange
type identified in the <tt>type</tt> field. The JSON objects below are only examples
used to explain the role of these fields:</t>
      <artwork><![CDATA[
NonceRequest = {
  "len": 32,
  "type": "1.2.3.4.5",
  "reqInfo": {
    "certificate-name": ["aik-1", "aik-2"],
    "supported-hash-algo": ["TPM_ALG_SHA256"]
  }
}

NonceResponse = {
  "nonce": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI",
  "expiry": 600,
  "type": "1.2.3.4.6",
  "respInfo": {
    "tpm20-pcr-selection": [
      {
        "tpm20-hash-algo": "TPM_ALG_SHA256",
        "pcr-index": [0, 1, 2, 3]
      }
    ],
    "certificate-name": "aik-1"
  }
}
]]></artwork>
      <t>In this example:</t>
      <ul spacing="normal">
        <li>
          <t><tt>reqInfo.certificate-name</tt> lets the Attester indicate more than one available
Attestation Key certificate when multiple TPM attestation keys are present.</t>
        </li>
        <li>
          <t><tt>respInfo.tpm20-pcr-selection</tt> identifies the PCR bank and PCR indices that
the Attester is expected to include in the TPM quote or equivalent Evidence.</t>
        </li>
        <li>
          <t><tt>respInfo.certificate-name</tt> identifies which Attestation Key certificate the
Attester is to use when generating the fresh Evidence associated with the
returned nonce.</t>
        </li>
      </ul>
      <t>This example is intended only to explain the purpose of <tt>reqInfo</tt> and
<tt>respInfo</tt>. It does not define a new nonce-exchange type, a new OID, or a TPM
attestation profile. The TPM quote itself, its signature, and any optional
unsigned PCR values are conveyed later as Evidence and are not part of
<tt>respInfo</tt>.</t>
    </section>
    <section anchor="asn1">
      <name>ASN.1 Module</name>
      <t>The following module adheres to ASN.1 specifications <xref target="X.680"/> and
<xref target="X.690"/>.</t>
      <sourcecode type="asn1"><![CDATA[
<CODE BEGINS>

Att-Fresh-Req
  { iso(1) identified-organization(3) dod(6) internet(1)
  security(5) mechanisms(5) pkix(7) id-mod(0)
  id-mod-att-fresh-req (TBDMOD) }

DEFINITIONS IMPLICIT TAGS ::=
BEGIN
EXPORTS ALL;
IMPORTS

id-it
  FROM PKIXCMP-2023
    { iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-cmp2023-02(116) }

id-cmc, CMC-CONTROL
FROM EnrollmentMessageSyntax-2025
   { iso(1) identified-organization(3) dod(6) internet(1)
   security(5) mechanisms(5) pkix(7) id-mod(0)
   id-mod-enrollMsgSyntax-2025(TBDCMC) }
-- RFC Editor: TBDCMC shall be TBD1 as defined by
--   Section 11 of draft-ietf-lamps-rfc5272bis

;

-- NonceRequest and NonceResponse types

ATTESTATION-NONCE-REQUEST ::= TYPE-IDENTIFIER

AttestationNonceRequestSet ATTESTATION-NONCE-REQUEST ::= {
   ... -- None defined in this document --
}

ATTESTATION-NONCE-RESPONSE ::= TYPE-IDENTIFIER

AttestationNonceResponseSet ATTESTATION-NONCE-RESPONSE ::= {
   ... -- None defined in this document --
}

NonceRequestTypeInfo ::= SEQUENCE {
    type ATTESTATION-NONCE-REQUEST.&id(
                 {AttestationNonceRequestSet}),
    -- identifies the nonce-request syntax for the selected
    --   attestation statement type
    reqInfo  ATTESTATION-NONCE-REQUEST.&Type(
                 {AttestationNonceRequestSet}{@type}) OPTIONAL
    -- contains type-specific nonce-request information
}

NonceResponseTypeInfo ::= SEQUENCE {
    type ATTESTATION-NONCE-RESPONSE.&id(
                 {AttestationNonceResponseSet}),
    -- identifies the nonce-response syntax for the selected
    --   attestation statement type
    respInfo ATTESTATION-NONCE-RESPONSE.&Type(
                 {AttestationNonceResponseSet}{@type}) OPTIONAL
    -- contains type-specific nonce-response information
}

 NonceRequest ::= SEQUENCE {
    len      INTEGER (8..64) OPTIONAL,
    -- indicates the required length of the requested nonce
    reqTypeInfo NonceRequestTypeInfo OPTIONAL
 }

 NonceResponse ::= SEQUENCE {
    nonce    OCTET STRING (SIZE(0 | 8..64)),
    -- contains the nonce of length len
    -- a zero-length OCTET STRING indicates that no freshness
    --   proof is required
    expiry   INTEGER OPTIONAL,
    -- indicates how long in seconds the nonce issuer considers
    --   the nonce valid
    respTypeInfo NonceResponseTypeInfo OPTIONAL
 }
 id-it-nonceRequest OBJECT IDENTIFIER ::= { id-it TBD1 }
    NonceRequestValue ::= NonceRequest

 id-it-nonceResponse OBJECT IDENTIFIER ::= { id-it TBD2 }
    NonceResponseValue ::= NonceResponse

 cmc-nonceReq CMC-CONTROL ::=
     { NonceRequest IDENTIFIED BY id-cmc-nonceReq }
 id-cmc-nonceReq OBJECT IDENTIFIER ::= { id-cmc TBD4 }

 cmc-nonceResp CMC-CONTROL ::=
     { NonceResponse IDENTIFIED BY id-cmc-nonceResp }
 id-cmc-nonceResp OBJECT IDENTIFIER ::= { id-cmc TBD5 }

END
<CODE ENDS>
]]></sourcecode>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>We would like to thank Russ Housley, Thomas Fossati, Watson Ladd, Ionut Mihalcea,
Carl Wallace, and Michael StJohns for their review comments.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+19+3PbRpLw7/NXTMlVZ2mXpCVKtmVtki+0JDtKrMeJzGVz
V3srEBxJiEGAB4CSGVv3t3/9mCcASpTj3OWqon1YAgY9Mz09/Zrunm63K272
5LaY5HEWTdWelJMiuqy6iaouu2k0nZXdqKpUWUVVkmfdy0KV15kqy+7mroij
ak+W1UQks2JPVsW8rPqbm682+yLOs1Jl5bzck0/huXoqyvl4mpQlwKgWM+jm
6HD0RqRRdrUnVSZmyZ6QsriM1aSsFim8X6gSnlR57P2aZBOVVeZBmRdVoS5L
+/diGvxZFUlsG8f5dArf2rdJliaZ60Z9qLppUlZdADLOU2jWzf/yV3gDaJlG
s1mC48S2VVLh6M7Vf80BJ/BYRvKNwYk8ybNYycu8kAOHM3l4k8C44UWSyX1V
VMllAphTcphcZQhBAytFNB4XClbDAURQwefDc2hWqAjwrmJxC6N6Nzg+G8qf
8uI9wnpb5POZeK8Wt3kx2RNdAD7NoS9vPPDwnlHU3h5HWXSlEHXyrMhhDfJU
ru8fn21Au8OsyNOU3uU3qpBDFc8LJUdFlJUzWBy5fjgcbSwHSB/tHw8R4P6G
mMDrPdnf7L8QV0l1PR/vybXbK6bBZ/dQ4pqAR9nkn1GamxWN5tV1XgBJdaXE
tYb1/K4nR2V8nV+qLLkSkn6Y4L+LMgDTfJsXgN1hgmMt9SOzQOFToDSlgNJ+
UkWmiu4NDE436A6rIipLJbd00zifQI9Pdze3t7efmmdJtdiTx/Msia9ts3lW
FfD0rSqmUbbQj9U0StI9eU0D7lV2wN9eTT/0MlXV5vu6yOP319G8DKerskmR
vG+8/eNOlwfcG5sBf1tydz3Y1LrpvEigYVXNyr1nz25vb3tBE4eV73tIgBOV
Bij5PlfhY8LF4IfBz+8GHXmUxb0aQvhVOMxfcvVt9D5apFG90yGQ3hxxFXQ6
VFEWPqdey2y7mISQS2j5LT0nyCLLAUtVcqOQZ56/2e9vbb3CX4+6Bz2Pbcdl
4W+YlhbAb5/3X/bHSakhvdrd2tS/vtzctr/2n/dNg62dXfvry+f6190XW96v
5rPd/vNX+tedF/azF7vb5tfdVzumwaud3b4bwxb++vfei10CBew5Kq6Q4vwF
Tqp5L8mqZ4WKn42654f7PfqA2zOT/kaj8Si7ZIwBLx6p+DrL0/xqAQs0GAMt
R3Elh4usij4A+9Yc+zRTcn0wPOltbexpIMOZipmHYYP8Uo6jMollpj+hVpbt
uOU8Gv3YHdEDZm9Pgb9tdTf7vBtKVSSqTGB85iNqD7yY5dWEezMzg39fPRYl
rx6JEpw0SGTYuSgUinmqyqUoeE0oODSNz7GxXH99eL7R0Z/sR1kOGz1KG632
oZXZVdlEHiQkTedJea0mjcYHpvHviGFAVGKwwlvL7pYiqsrutLzq3hbRzLwB
7eI6KiYlsD96D/BmeZlUSm86VZRNIKCgqAKFeRcWSiHtoSibAptMzR7sv9p9
YbZNn7cC7ort7R23V7bNry927dOX7ulL/Ex0u11gWEzhQvwEbBQwDUs7gf8B
OSyAOcXpfAL49biExH9JPJeob0RtqoLQqgIs4hCWWlbXoPNYlQXoAh+ABnij
FriWRn3JLysYQqZAxQNlTo6VwE7HKS15Tw5IR4MRTIEeoywppzKBocEOw4+r
66jCv/NxFYHiNoEO8ym8PVfpAod0FhUwI9CW/g0W/DIBxQKpSs9wIscLGtRA
rwxODf82Y+sJMboG6KDtzUk1KZnUATfX+W0NbYVW12Q5j6/xnYc+4fDA4+Zh
ZvJ88Gx/IG9xEeYlUnbs4TVNLlW8iFMlp047mml1q+yJo0pO1GWCWsoUQEML
yYRa0ixNSzkGBRlgs9roFiFi7POIhB4+fQmDnaGmbsCWBjErqYAdsZoG2KG+
HlACBSmBHb1kiKF8hhgF1oEGQ1evSCwTj3UhMcHqAjUBDibzWNOhsDSHiCCI
aHhogh6e93hzTJPJJFVCiCfADysCQFA/PvH/vBPi48f7RevdXY1g2rR/wEIp
eBknBs3ng9FQDor4GthGXCHqPn7Um/3uriNjIJyxt5XqG1LUdHfekJrAzn7Y
Hz7Z2mSIyFRglICN/fPjN/wMucvdHegmeiAiGAjw7JQJye5ShNrY6256pVKA
KSABmjb0DG/tZIL9DTx80gTtwMJOhH7EvHRkW/bkELcb/yGnYGoiamDZsX+7
wTU7kA12IAJ2UNv+dfbQ0+ySdsLwHMdj14CRG62+fzvEJ0RUApWf6fUFNQvX
FzYHP0BlCx/g+hzvywa9OUUNWyFuPH6EVGI2NY4Yf08KGKrHgZjYkAURDc2K
BLrSm16oD8hwgakQM4lwASrcUwHHrO+x5bwTJEpcJONW3umPNWpjkYLxC6gi
9GjWcbxPveB+TtP8lggxnyUx8D8g1XxeIZ2UcT5TmvX540EICgxKmESM3EZN
QNDLnB6UvkpTIv4RYDKdpbSIWtMpYE6zNF/o6YEEQmkNhi3wcwJDXMUgHsCA
+oj4zQEWE2wHGiM2EKUeOmCwt6hD0HMt6EK8d7xe3CJq9m5l3ZUCKwIo0QeE
0+Yu81Jxh8CeBG5CtL2Qbm8BK1JFsK0IG4Rs6I9Rw9u0hQXYfQprcpQxsmF7
oA+lU58gSfCJukmMCMeGIMBDHJnJAppw1G6eoLkAgNLJeb2xNSg7k5Kn4sM0
uMFRPgEdt5gmWsnFLs55qVjPeQfEP8eNQCT2Xi0kOk9KuXb843C01uF/5ckp
/X5++K8/Hp0fHuDvw+8G797ZX7iFgD9Of3yn3+Nv7sv90+Pjw5MD/vh48PMa
k/fa6dno6PRk8G6NGVNSCke8hWJlSZLCOCtUBTsbUGJ2GTEzYCESrUDN7OE3
4Lj1fQnstGSJg52e/XD0d1n5aAlheqx8G3fXQxKwJ0FLidIy5358yLjBBS5q
NJulsF5jYJSrqz97rczgSSg28cWxVo3eaNXo4xO/CYjxQRzDujLzaPLYxow6
elsjz9JkC3InrRJgDuLCE/FDqzJf0EBMI3+SvI9uojRBi4MEKWzLZWBQKD+G
paKkRCwJwpKWIjDJVlbrthcOKbI8kPQsX6QLQ3ih1GQFahRu9BJ+d9q66ddo
q7Q7q4B/w95MJ8xFL1KVXYAhp3mJ2Q3cpMFScL48ZBbagBuSdgDkCnnAJfpz
r+0YrByE0Y8XuBDET2Al5iD3VXWrQNDv0rq92OnhaODDEWACTWQY1SgYElhT
c6a4K3S0Mr9dqp/CSIwmHuCF9orhhGi0Qa8IhLq7d7JmifQEcYxuTD2GpJ8j
Ri/5A5hBqYg5N9AribcZ8m7MRrB7DlhPVjHXddRjxR2QiRFAZFFg7z2/8yyv
aAAEzY6PuyaWAVSWTxPYChNNWdwDawswtWzZijqCCw0ZGNMVCU1BpOfbDI7c
WdLqoWuXRsMqVMt6uI7Ke0iaPjLkswTTehaXvnYGtInsEcnxNklTZlaAN63o
gmZGmPV2rab7WxiORVDHA6mFkAEQATDumGYLK1omvypeLvvNJFdl9rQi+wr6
cpo5QMkvO270AIymNVbElaYz1rp/VUXe1QPDc5jsinaW+jBLisUDW90tvU/4
xDlxR8xAroP1YLe5JYVSAW4nvL0zkpZXquB9zjYOt9Q2FXDMiZzMC2bFCfq2
GfLfNKnp1UYaUpekyDnHhbMGAB8w53ShGUc5+/04Bw/oAdbRjjyfa1yYHXrh
MQ76FlsJdlq3dGzpHuWStmLHHvjaR3yWhND0d5Y56d6/OHdy3EEPK9Sz7T7X
Rqzd5N44CJ5hVj6mlnKqQEjDpqGvL+eFZ1wsjCeGRulWQTNB3OmuJ2HXpPyb
1tzdE2v1GvyrtFS3SKA9eYhaPD1PiJVhU7A5y+SKvH75+BdQgyROuXLuMX+A
6gM6wmvDBH2J1x+1JkFLwrTi9dSYkaN0Gi+hbRk1AkeAcYFFtpwsDd05sMZG
cF3C8rYBAGtHK0eT5JIcr5V1bZc9VBRx2mjsoWqpfd+mP1/t83vyh0rAWB//
fnh60kFmnqkYIRQLHn4rXqKF5UHA3Q1rDox3X2RpSVWzgUC9A8tXtWw73R7U
7SIHUx/lsjUVyQVpNdQbYyWRoVHOZ+i1UxM79AZZ1sauOaF8i5sLWJh/rnDI
NnQp1p0p8SIwJR50id/dbWgva6mNRKTDw+wmKfKMNt3RAftA99MomcqhSrmj
Huj3MP0P3Wo27c7ioqvX+e7OCEL8zHf4G0qwDp7R2bE82z8HXmBgsjpwpadq
PbEg/a0iWeM7oTWLjA7094ytq8vkCs8U3sDnZKz9N/zIKCpvrnznTssP+0m0
UU3qjXXS6AYBndR/rEcM//jU1oH+ue+d/GQ+bzfkVv5cttl8q37+VXfZzzer
9W7sFN4+j5z70s5X7X15i/rI1o0vfGOlz5ePDIa2Su/NXh8x+OWr0u3azxsY
93q/B/ZD695dDfP6hG5C9v1je/9d1926pD/n89+87v65xbkqQUo8oveV1t1n
F/Xe74H9hdb9vrnf9znyZvFxTz7xmDYfqX+9Zt1O+Ax0hddR/B5VfBRK1yp+
L49RlK3dhcbkfWdw2mIDKVvhQRqIR1QIkNNrJbiMpkqc/XDk8858ZqxY7Ytt
nI085HIT7hxRofhAEd+Rv5AOVzYg3D8F0CY6oszrLgNSx7JoOk6u5vm8TNHr
WOYxaSjYyg6Z0WTdRsp4pHwXFGnf5ns63iud+jRWcTRn+033XRUKvYLBuU8c
FUViPVsCuQFMNZ9FMDcjvLX5B0NH3b4A2SrpKBFV2oY1gSrRRLHzU4nb6wR0
l1kBw+fZJmU5t7Mjbyi7TwhNzq/WJJJ2Wwymn6bNUwXn+BN5RsP1zwTwrzZl
ueYctB4BB1jcRuguB/DaJej0SDv/RvjA8LyDx0lGEUc020gJp7iQuhf6tD3/
c287OEukYwr2364QhIGO3KSneh3rE2K6inCjxGpWzaNUWEdlAasCLdb3j3/a
8H3EQQgInvcatHXucZzv9FZ0neOipyqaWIQIUBTnKdFfxkdyjROicj7u2oOT
HsbiKFxc+Qb2FqxmH10kj0ISq6Q4DAsXJwoaK+nKRj+GCZETOvSnTBL084zn
dDoxzWFblAqMiyh1hztEEOS6FkxPRGKWhFoNODJLzKburGo606DMWUSw0LJ1
oUPtu10I9Kyo6S1p8Qk2jnwmgdV8WtLiqYXxdEkLLYr+s/U1IRxff4JddT+A
ZSNY9XWvTcbizw3K2nsEvYelQKYuBciNl4wlhPHJlz+e6IuBjWbVEhFeg/H0
3nE8XQlGHV3/uezlI2Dcq4D4MJYg8pO3Lkuw6WDUofT8cRhWDmwi1ZavhE3S
hPFJByHKgfkYSJRhbOGh3U/rBtS65fODjToM5RnzDCNnGP09+qsJ43UNRrik
T/1xbC+Dsb+xEcBwCHA/sb8uDyiIHgyNNv5L1WB4Zk8vXIEABnkzSum+c6/8
r8DecFhBbC6di7zxYQR6dLjFlsGoE4xvqrwOl+DpMhiftN2FShN1tSpOHfhv
6gSzMk69nzrBLMXpfg0f7s2gMdyHcOp3Goj6gHQtTvfbcPpbfz6J+9lf1+l6
S5s8DY2hQF0wJhGQL2gsW3K/oegZM8hz9a3sO0vSdI7RrJXRD7Ux9jjvWfOH
/Wlf25+Hv/ja/xFNWcqYqqnxTF0trZf/kKvOBpw+5su35jw2L3TILI/mL48B
so8Wk7M6Wob+VTBPbZzw7Jd1tE6tO5LPAjeEsEPFwJtZlBTuieXb5cZf3FOn
BfBBWS3YoHU9wo+8Nfmm0fqvXq9eNCofd/7PrJ7+Mpj+Iz5nt4M9tH1WqFka
LR4F4ggNVd/e/y1084hPv4Ndn95Hcl+1rKWlOyGGFdnq3rjFX+hklA7S1Ky0
EYhJEXCh0jkbLDdbz9ktAN36kS6wKBv6gF5/YQ9X9BeaZ1HLXsN5ZLjkoQm7
JDgn1kC3J5OGWboIg1LpwfIJoItfSGLMfoh8ywnPPBuOBLHkUFef+/UoRlVH
WZHxRGdiHXl7naCVPxxxdBcednGz16fnHTHOq2t7KLl/cPAOA7Se6PO0czWD
7mww5ccn9PhOn57qGdn49lVdH/akEk+GqB88VuRZ47jBDqewsVJhTDX8SvFc
PDH3dB+Nb8Y8BQp4cb4W7un+6HAkh6Pzo5O3uhW6oXxEoZFaDyXSwUbQkuMg
MADaD4sIwGLcPkWJiZrDzJ4pG5KlAAy0wV1MhgkUmM/AsK+nFpiII5aQYjAa
wSIO8Iy9e3J6sn/YxXhGXNe9va/l6Oezw+7RweHJ6OjN0eG58NzBhCQdZj5E
nf9eQB9xz/R6PeS8J+hwCuLe/UNz2LQYmdcCbXh2ejI8XHFcTBzLBuaBeuzI
/Hmb2A4CNMTpAniGyIfaS5HS+5dkst7kgx+XI/hOp1DBMO2hvecE6podUnLm
mqEBPqxUE/OtbM/tcbEeJojsvrHjvB85+o/fYg93GzaewwzIxv+GoS/hpPxA
GLcGvMaftQhMAKuvgiWnh5dBs6Xfvg7sxrp3+KsvhJvA566EnldtKaS/0G1L
ANyNB3V0Mjp8e3gu13d7vRc7rnuHT8PzwrgHG8bZFvJnSNYSQev2dDP1Rqzn
0zJkaz8GLHl9ePTvh+ubYL3xBBwhOMRZlyyMVo8b/jHtohX4PXv+s9yxc0cx
zOq9Qw16xXqzh+B7EIt+2hR9sV54nBczhzoe5kRkqKgUXs+uDYXdWQKto722
I328k7RBJQDVgaYOgE/rKoALzOCPKJYd84nv7vx4I7PFAh2kJbftIU1n1OCl
mOzqncqwWhN0E37FkLu/lHnmenTP4zGMlBJotZARbOFy/JHbcUWIHE35mdNK
OFKJA4xQHx1HpXqxMy/Srp4jjjuOZqz3UeQPKoywadDvD/otxqIpnQijI5aY
KinYUUwUP2Noml4LP0OCgoN0hps2voFJdSn52Jnf8WSSihClLHD/n1wDqGt7
GkPcQ4dfeLvZNtBfd4kzIQdC1rPkle5iDR8AgEmOsXldmFIyjdJunkxcP7oP
LDDgwfNXUesHco1eQlt8yljWYHj7wZs5GA8WtNsa3hw0YDtS6qKl57DB6vNh
gbF0QkR+jQnh0y82IQR274S8MXz2hDQ9fs18WLgJwKPrp0/lM4k5zrKHYcxG
2gi3btBqbQ0bhZumsYm+lhWBKdQVoESu/ceg++9R99fN7qt/dv/xcWurs/vi
bk00R68/1AxPPJE/ltqio3S/J2h6PO5U15o2SZs5ol92BNswbEzhESeetnKM
qzvlWr+AJ9OLDe8w9Xlvu7f1ypynUiIiJV2ZT+1o6NtZ49v+ZvBthz7A9zcK
w6AZD29VdlxekfP9YzLpJpUcvT7Ygsa+vMZWIBhqrfqulfEB0DteJqN5nL7+
/nB/JJ1NwMq9dJ2BDPI7+zfK98BGwRBC2HrmDwLvO+D8SQO6HjoTBeWSIjVg
XqsX0UGpz9+NRmd8sGlDny++ssEc31zIWYRB9OqKQjQ8a8U/H99xawLEII8H
P9sYzdYEFBeULT7JUxs54v9O3X6SB5ztSO5n9PUF/w/P3qLJ5am29VpInySQ
UcXZEPCHNsXh0/uxsp8PfitW+rBZNFZ2dvt/OKy0oWSUSyyaVSgXN7NKvBBK
ZxtH47mlyvm4xA8BQ/cDMMG8tAzTpDIxNrwC9FT76o8OAj1A+LxhyyGcWIPN
DEHwJlcUY3l0gHkkZ3lZJpjuAiuPjuqikQwzzygdBp06mcuHAX0qTW44I1bU
TIQO0VSO4d6ljUG4jRY6boVVYzL1e/Inis+5iYokgiFdJhVqajPMZBPakRcn
RTyfYn0pTEEXVE+L4uF1DEmmh+6zbrANTFjQxdkPR2+AUmBJOWRhnFQcL2IT
KDghfGd3G/WoLkZEIEegHD7YA4QDS7BmlxjwNXbfMclSEVmY85LqL4F0xcno
b0G9A0bdSCA1aelbXCTADKpPyp0n0yhj/Qn8/xeSaaRd41xBuRaRn59JJIhm
gFP9rd8OjQcQE8bl5jlnsd6EjgcgH61gSqLHpSqAGjZ0JQLQ8nHR3QsmV5sm
ldErAD3LQTGi2ZP+jhygqxmPfJbZgm/kPLIc6rezECPpaKNkhms889gGrgKx
jQOiWSqZkbmU9Mkk0fUzZmAETFVlovw5hcljubzNGWuC/Ls6XZ5I+O3hiBMs
zk6H8BunhVOS28i+1iUd/A1PqRC5K+LhEUBjAAaW30MLsBZWbcEauwZoGWkK
iZ6pqrVD9k/jAlsZPGS61jYNcKvLJfz3YQJvlfHDDpFPUHDA7jyu/2BsTx0F
SHsj7N+k8ZRc/yVNF9421mGeoQGGe0WQgUh98dZhMzaAr2ezQgethhPt1EY3
3jxcmGEzb3KqpmOqlqTpwIp8sho5RV6bKaYtZdpos7njSCXDfCdylOj8v7Kn
YWoDSH/PX9iiEJzkE7WkLUpfTwCw7WnDdV9/wOIiiwDyzVsBofMX59kMtipi
1xgk1kVAoYU1s9uKWy1qsbIaYlpyeRSb3RScSWxt0UB3XziHgH8y0UC7b5Mb
jK0n9ti05OOv0EzU7WAg3JKpA5sWmgSYtrTLi5Ig78+BxElRWpsmyjDrcaAt
St0vHVFBW5uNSjU9m1inLhkg5zp6GXFUqyIw8OTp0QEnLg6yED88Z6AOZ7ca
TN1S2p7mB7wQWt5Tj3qbAmSTMxlk2YXT6i1hRDaMMaIyVJhxdjlPmZHXRVpR
01hIv+hvbgpPSbDRFg9wN4NeL/Et8le3Rzve9OCrIWEOpWHqvjfSZRCblOEH
VcbVJxxMdgeGtv46mhghy/RM3+ZG/X3IfcjLItqXBXncGHfeNJro9Y2rdAEq
y7yqD7ldyxWhllt3hFNM9fLVfb65LdeHAD8BrvVjFt2AqoFdbGiW7GMMrCIz
fPy2O6ZAYtYGqN4ebhAtr+6pEdLr2yhtlmaNij1TNUkifUwbCHctEPYZtd2R
n63MKoGJoTBUarOhUc0yCRgI+atx8eybdQzstarYhsQmpmsM6kDlSuccLlW/
gnMO+PMZKJGo5oG6swELRf3ocibYyTP0SbZWp/0ryUf6FueyYVQ34zz1e9O0
9kk+AnITXA3tJm5bB3KvrtEoPz4hn1fCmIdVUJ3N0y6ToE4DyHNBzqDDkXzW
u1Vp2n2f5bc0I604I8E9A7tRCPMbsY3TH4RPDHuPwIcQ5Gw07s6149HRrycH
P/ZPfr16fnxwuDj+9V+3Tn6Jd05Hgw/Hvxxvnox+3j49eH8L7dbQEen8oS+A
Q9I5xhdH6B7jBcnhQcT8Rjyw2327j+7UPzaK/5Cuj7pkoXQCAWpNSTnKEWqZ
GZVXdEUrafxYibFceRZs7go36AfaLxu0LhukUzJAdUpAck4EaByc1Gxyx+T6
wcbo3VDqiaDgsW2MCKEzajetjs3DjvP8fYIVzSiTHDG0zOSxKUQeGnUaVZj2
ZYqnIYu3S8g16lZAn5OFJ6cjTvOyUKNStJGHl5IVppzVDENdz5I8MWwexnn0
Jc3DmwTJyXbCVNduI2Lp5YaN6M4+fx8bMYD/+TYinQPdZyNSP6vaiIM0BcVq
hgGj2qPhVP3PN/hyMIuqL2n20ZywiVcC53e2s6hLQM1nGFmI0JUsLCrp96Bx
5RlWpqZMzbQylbMfbV/5/QXTIicidsZRekTBifYC2YrWzfI1yywxPjhdxRp7
jBUGbDtCLdLKJZuMCJZCv7f5nE0xbEUKQtDMNNox9toD8Zzt9hohxLfXXN95
4fWxgsXm7yAR0PoXsd3Ygb3T+73stc+108Sy04hV7TTG8vPe5rYwdppssdPa
jKfQdmqN8l2CDBHEvoReBxJxRiPkCoqa65kTCJN6DQ1FrSF2OYgxxVKbBWWL
58qKsMcbbY+22Aji5xlVJKqMUcXS/g98NmcH+X9LTSVqs7HNOjqK1E6tXWpN
1s/ur2m1sqnVeooU/4456x4Ip8PaTw5QDYZtkbEbo1NXhcmNjHC6WByBQjp5
B9QQyYUEzCp0TTnEiaklQNp02P9hfG2OR7wgZKE3ysvnVFL1sn2VH9KiZahF
i9+sRbfRsLhPiw4DYfYpEGb/SwbCNAJgqMD2PvGwIk91+YE3c9AVsVKGZgz1
KuUvWvLz/WLbzCpBKqjkxkbIMSUKy3+5TGzjkIlHMEw4a75wY3Ex+chV7Mks
KyA8+o79y0QJy4sEdKeoii68+iD6ZJ3jTOJpbINkEBXd/dOT0fnpO4xLIV3m
Y+jVsvEtB/L1zxjcEgC4E/Un94TFQDuMi9nBgFvvm3J2/zj0ct83EABRHwk8
engoz20M6n3Om88x4bT3RotAqnWq35Dj8mup16mtBU5fL/GQWGhssqM+bm1u
dczcvYiLo0lHwqvt/qvd51v97Z3d7Z3NrTv3Ud9+hBV4VXHCWsfW5mbQbLtT
X+CO/Mqnhm9g5f74U3reOiXYnskM3dVLJr9Tn3w5c7PnRf7mD+2G8iNwvAOr
JZE4L3oPcbUwModYHEnD9n5EQ+FcGS2Za9+uNYjHObeU9EhCd+qvveWfYsmx
6Qq48QvE4qUHEZiQVCMfWFlotGG8UKhFm9lYA2IBWo7O35qlUazuWU5hegyl
OuM58MXX8YnSxzRoM7wyY3C5AKuGTcPXOwRlKH0zhmIXULwO/VMjCjbSB2t+
vcponM8rH45WqLT/JcrE4YcKF5LT54YMgXIItPiWLFbbX3b8EKoa6W89JNDp
tpfByQCBUd6Dvvrh45MkyqI7zlk4PsN/n8if0Df/A/rm5Y/nR/IMQ3eGOuhQ
EJTEq7pMizeZ1DxXCq+2MxFNaxic1gJVaKjlGoC7wlo6CxlENepb1u7u9tB6
8gdCsUTofpvpUKOHTaUgJPOhWEXrzoW2qJR38bIBgvI4EKSWByAIxcFNZJgN
1Y5XxorWkhxym3VtdSmvteHxEbtvTf1fuvAA0V/v0cO5WN/qbfeAinrP4T8v
ezsbhO4D7bJ6PKYpEvmTbIlgriGTooprDa3lGuIMzYHHYck/edVm/Bpb1zx/
YWmOCA2v6CNCw/Whw33XGEQkqgR0haEITo2EGM7Hlf/yoWOkc5Pz5Y4Q8bOT
ZwMhTpvHi/advR0uDrYwvgeDNoJlFHblm02GZDaAfdjFdxjveMnBezBz4p7Q
F/khxknaDsHKS88p48dpotPIT/er3wlm3LskAGVN3WS3pSuFaqr52apyZXAf
DC3PLFqkeTQhj5xXEAHTj9xB+dlcX7UWni/whOz0B25BtROZq7YlpTdb/IYO
foJ7ckpjNi+feukdDgnxpoiYg3nbdwm2ObuSalaraYQBCSUnQTcgGGXM045g
TfDY0ff/IAGu9YBpyRmixV1pSDMNENTh9DzuSLiIIf2NHprnVkYSaOkMcOtC
Mj1piXM8wBSwmHTHKE1g8LiFShdXylcmI/HvyePoCtM05+iQXi83zOM3mKCv
UKyi08d7cRzFSVbl5bW8xCZEreh9tE3EGWANZvIvfN8oirACV4yrO1dYFhwH
Yqqa14aO9zi33UEs18tZVE6/RTncy4urDd5aJPTnqOnhx3ghzukJcgK+rZmo
KM9cAxrfQF/6uLwzsF1YPdL6X6psc+Zi5PL+0lyM0p/+5GJfgIvR8vxf42Ko
0PzvcjEkwP8xLsad/cnF/je5WPOQ5nGKYO3cxuiCLWc6oBSDhWn1Qq/4MLQ+
P8Ta8pqhedozx7L3n/fZcUqDoldMZHwxGIAgBJyrm0Td4vY+Ohy+lQO8rOAG
ExARBcInQ9rAphN9emQ4OWjHRwcrqeKPOv4BdXy7pnizYbhvVoJW6Pc2Vpw7
27MLazbKyy9go+xgbknNQXjRYqI8b7YrZxdNC4VTVY/zyTx9pEHHX378SFde
g1ibEgzvjH4ZsrgzeWSRuxxjmxtMnYKglqGhHZXZlj6jfBCly7N3AFfHpwca
WzAHpDamMoy6aWDMpQdBdw3HhD0VxcAjezGpzZEL0Grzl1yx4OC6ODzmoVtR
7I1dzsmU5jFF87iaceR9A9Z0dW0Ow3S5LNGofdWTg3r6Fm9zunBw2RW3wgfB
kyFRT2ECtRvzbG1Edi/hhS2mWrJLYKaWzTL2rjDUeFG/TTIous1n3sG1QxGy
pEk+1bE82smtD/IrrNsMWgpGAyVVKUD4osMnny3Mxbq4Shx95DmWzfIAgt3d
neSNS3TpcWHP4saoVrGnNriki9fIRaDa+t0Gn7TWja4DjM8rUA9/Vd6J6CwH
Lsn7igdDeo8uHdalgSCRzbDGlFHzwpotPBqdSClzExM8zSslfK2qcvfOJyQc
/HwXXYhGMOjSXDvj6rvX73jSAieMnYvKcj5tVtXCQBSF/5UYd5uqCeZOauck
kFY3v+yOqVR6YckfOQ/WtuFrqdouu/KzMK8ivRGuG9fxalyhNodv2xGii5KR
dphkOi7FfIqosMXtBSM2gGO1btiHl6ALoZJK92BzHiufKZwNB2Hn+XtlwjRe
Yjaq0LcBlcHAaUjb/Y7c2e0EYXA9ecrOXe8ydDshPBpXU7xC12rQl7JMpkka
FQZw805JG8tQNc9gk0uPrNo7XbAtY6cR+rVNVbYj4xDngk0BqLBOk61RF1kz
BsSLoVR9jms9iz6/EZaobW1BeOsXcG/ccsmxV6CyYPn+lG+8FbUuuJp/urBn
LLN5McPcoyDALarCTcFBbL72E0bRtZV+Ys6M7n7//F9HOLWNHEgwJu37OqrC
o4GakBAW8YRiiilOspv8vdk+yzYIpbv51anwSMLcS+DlJFBydhVRdUR3XTxh
tmNUsQUdjWhRA0xqlfWtBRG2lvcSOCe6TJxsliZ/siEw1lohUvRswzrswdmR
MPX+8CSM5ViZX1a3YDE+wzr/t2Q6ehKXlwi+1GtYOlFqr+a1hEkCj6fZuCpz
CffmJB6QEFaztWhpvd/2gtbahFZoqrJDAiTBv9EMxDaakubKjyWQPMPEb/F6
jnVEL2oXfPCJalSGBSNWu57BoLh+jyCW4veuFmkv82ZcG3w3pY4JGqf5mPaw
oQJhr3imo0VeBLrwEQNginmcRMTTs7xqnE9jfeTwnl5hMGpFGzo6kjipWMVT
H8xfHRdOqfUNG22DhS5hgl5ZUZCPqJ220aaepYldtE4TZW4PrwWghzegeJeI
wAqN6QId/YJbE5m1bDefK5Bav2yP8W2IScaqCa6LG6PbdNAnX4AeUxF2odVA
R0Tu5kicpl0z63yJsoUPoeOKCAvj80roQJjTl2Fp5wVdTaiDxGAKVV7A8FPz
BIZwibd6eGSFHEtMQfWcc40uZNuo53ZaApzbkcVcAe8IjJIySgUrfh2bCWp1
RKCV8EY5zdzpwBvLm8GC/1jaGsklKye8HRpXFsZcG5izS1BuIT2BWsIXTNrl
iK/BEgEJbSMB+QPAJHxvgMO8ovg9yNHiMtJVGGBhEqzLdNktdfYjNwK8XLrb
HhExOEizhxujxPppfMsE6BcFC9gpVqWquT65eh8WGdH4RxoJQwIctfi9ANUL
HcYFquE81tIB9mROmjoMMAX1qLJYpRubqmSKgXq0N8zY2YWGl714mNQr0WE5
RwvFtz4BSHxqYiItdEavziEVXtanIi2YyPk24bRm9OcQeRllii6VxNq0Or6b
achcjSsmSRlrfZgyv1Anw+54/6CORNHh9CylxacYUD9WNfexxGpZ17sAZDwv
JoqUFIpWt3HmGIThX8g6oZobrtirqCtGT5xjoWGFW1+7KVsYchldzqNirzcp
P1iod2xSFYyVdpNE7kJ7YS60R1TwRVM6Bajd86+5buk86yUvMVKXNjpInBus
tkkj/2ame/pCekpXl5LksCarMCOFOW/HsLO0gRJVeunYsy5mky6MxcRsj1SK
CM8whA7BTajKSUJ3lyVB6omdiTNQXSHRhv1pUNiT3+W3uIc7Lql1qXosWo4l
AgXXis7wtiknxkBPBSA3Ck+FiuQmihcY51YmdAkpsTC0k3ChvOdeDzaKWMxA
QcLH0NVMs3S/9LN3mtBhNdhJC3upKTBvzx9jTRzrvmkxLwNnDqp92l+PBeDw
Hqh4TqY1p4BxNrll7EABQ6NULtEmA4opbci0tkypQhHf/2UtVa72JK/moL5T
uEnG4VZEB4Zi5p6E0nqCu7lZcbUoZwLF+RTeTMwJEhIz3cUcjE1bUtmymVAN
p8ZVZzAmPsIw9gQed9Ws2zHfOYdJRxPOWiLJ4jQ61v5CiwQVOEG3Q3vGS8fY
Y4pCvpzDClcYG03nU+Ox8r0r9zgnPHXRDxlzNwwjvasM3SbC3xnExVl+gDLp
W1wuKg5bY1okeeHIGGSbrWfJRi8JV4VC0wfpI8SEvUERuSClV4OoSBe/gjER
F4sZbMwiml3TFb5awvjV8kFGRZlJi6WiktEEL0GcarbGvjTnUmLBbyK9EI18
wNdkRQWeTJEJrGaoEauHTPFa7F/NIOf7GSu6UM/XOELBROvkXRew7BCSHAwB
m3F3X6BGW2PGhlZIoICNEp6hGt2GCAxRSNQ0Bb2FIhLLmu3urECtsbKbDre5
BqQ3Mu4Dp7aZwGxTGg3dPA7x3uKCcsROCjxUC28aJhqrzy24SHLhcWStJOss
kXtM4rrYw3OBMeihqGIcshK6RzdM93ubdMu0vbmaKPGiaL/jDtSQ1luttUqC
V9oBDXzw77h2ePbuuMbod8QiFogO+vIvN/cDYXXWmh6x5uo1YRqDikaXiNsc
F2HVeFdQ3FLzksse+1hHEOuMmlqCL3Z36DzmKDM6sr6xveZ3spdT6rML6xbX
jrhwCqJVNWKV1AN6mRRl5fT9uqtdhJYD9OSOQxCSwy37jelO+agAi8JqGr4L
y3rwrbAombsCq7lW6awMGS0w9RmlP8NDQ0sW4x1hFoLTdv0zkR/UwtcUdLCB
ST7UWprjaxdBqPyFZ+BY073RveeC42mxvKbF7PBa4O0LQA2KMLHHLhxWGoj9
X3gXkr7Zl/ipo6cgJah+dcNTHNasy5UOTZQqLwDothxzQpe/E3YdxRuP1FSr
lG2TqeWQGeclbGExjrL3HdrMVGaSzC9tS9t296xCh1bBTArdXt7ItG/8A4Yx
aA4O22Mpm2j6ABixZvMJjvZx7jrjQsPnGldekThTuWus8LZZHCa5nfVOLG3k
OrqUIlMEJk+VM1cIYqlTZ4IsJF0d2hQq6Xilote2sKhQb6f3nOuGuBLeuqi1
h70uxprAm/9Yi5L33a21jqRf+mv/4Lr4a/oYQE2611F53Y3Sq5yaA+X+c/Du
7T+H3w36z1+s/QNa3zUunTCj/DI1T1rn+MLM0VbB1pMEXt/fJG5vlXYcuElv
sddB6Ib+7OqT67jGCA89YR8Q1mZHbnVkvyO3/6FbcPaMwV0LnjWaNbYod6bG
oKlUg6HQXh3EBaih2mXquZ51ddZpzoeVGfEIy5iEvG//sCi318kiR/J5vC0W
od1uPR4dY7vXguSL+o0fuLNxj9Nm87Y5q06yNhdy5uiTDXdhst4cOLj/mud8
PxtqGsDxUC2xzqJgcE3ceSN7kLuTnJLByCq+GJcQVnNnk6Xme2KbaZ/SqWsm
23PkrTu7onWMFJ9dhZzBnFLVGZjwOfFRVc8PRuGrbmuMjE4SOvrV6dFBhxNH
AL91Ux9tLmZpDvnsguiQtx19w5G+0DmbsBNXy2hh6krSquuLonxmLfGkggoI
OsQhjELR+EF6oNorAn4eBsmgYoeBJ420f34bTdA9RAvHX9WMZBcvw6Yx/PVq
01zMIBGy+Gr/9OBQvj58e3Qy/EbgFUpdStPoAiMWmJOZlPn61oYnFLp5cQUK
9K/Ux/r2BizIZP3FBnu8M1VBa/jQ6Nvrzzc8lRv/mr1PPqy/RIgYAbO+uUFh
h81oGLnO0TIbmD16cPjm6OQIC4EM5dHx2buj/aORHA3eDil7lIYvDv9+dno+
GsrBu3d/E9AI/9CV3KGLN+enxxQStH981u1v9rd1zulnzg9/HjdHLitJ84yn
MxxBd7O/vrX1gibI0VMdPzFW0JAPrXWiayMMSc7jFJ6L3zSDRw5fj52tpePy
yhsHrhQMHCcCBg2qZYeTpMqLPckvwLAAlQmtBkp8CSpdC7paxqj5W5SoNSmi
y6rbmqolxN/QbApTlnFXhYKZklraLxBbfq/ZH/Zisz9vNvvzZrM/bzZbcQJ/
3mwWcMI/bzbzgiF+x5vN2pI5V7qOBvvyV3XZlTStSaAr3Unj9XD/vTRCPlgs
5LHVQhqPViwXIh+uF/L4giHNZ6tVDBGHJwdaU4bfQE/mW+zkIDaBouTvFh/3
+NhdTb5eu4zSUuFVvT+BRZXPU9joyXvFjjG0Fs/nZSm/wzI5atEBAySfglr0
JgcVr0o68qeowqyVd9Fk0pFHeTav5HECSlSsoo7Yj4oUWqRYOUCfuoCxF6lU
Dqvv8+vM3v2a4GEkpVPwwVVV9sT/B4fKchXasQAA

-->

</rfc>
