From 1322c24c99e4085e6519ff938fec747d3d0eec80 Mon Sep 17 00:00:00 2001 From: Steven Bellock Date: Wed, 13 Aug 2025 07:06:10 -0700 Subject: [PATCH] Use CWT claim names Another follow up to #48. Signed-off-by: Steven Bellock --- .../ietf-eat-profile/cddl/ietf_eat_ocp_profile.cddl | 4 ++-- specifications/ietf-eat-profile/spec.ocp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/specifications/ietf-eat-profile/cddl/ietf_eat_ocp_profile.cddl b/specifications/ietf-eat-profile/cddl/ietf_eat_ocp_profile.cddl index 4f31f45..a677a74 100644 --- a/specifications/ietf-eat-profile/cddl/ietf_eat_ocp_profile.cddl +++ b/specifications/ietf-eat-profile/cddl/ietf_eat_ocp_profile.cddl @@ -1,6 +1,6 @@ cwt-envelope-signed-eat = { ; The EAT Profile for OCP OID - &(eat_profile : 265 ) => ~oid ; TODO: OCP Security to assign a value - note: `~` strips CBOR tag #6.111(oid) from `oid` + &(EAT Profile : 265 ) => ~oid ; TODO: OCP Security to assign a value - note: `~` strips CBOR tag #6.111(oid) from `oid` ; Issuer claim is StringOrURI (tstr) &(iss : 1) => tstr @@ -9,7 +9,7 @@ cwt-envelope-signed-eat = { &(Nonce : 10) => bstr ; EAT measurements claim is defined in section-4.2.16 - &(measurements : 273) => measurements-type + &(Measurements : 273) => measurements-type ; Private Claims (they have to be < -65536 for rfc8392) per RFC 8392 diff --git a/specifications/ietf-eat-profile/spec.ocp b/specifications/ietf-eat-profile/spec.ocp index f4806cd..8d5abe3 100644 --- a/specifications/ietf-eat-profile/spec.ocp +++ b/specifications/ietf-eat-profile/spec.ocp 
@@ -155,13 +155,13 @@ in the unsigned section of the COSE_Sign1 header. The CWT claim set is intentionally minimalistic, serving primarily as an integrity-protected wrapper for concise evidence. -1. **eat_profile** +1. **EAT Profile** * This claim is used by the attester to identify the profile. It **MUST** be present and **SHALL** contain the OID assigned to the OCP Profile. **TODO: OCP to assign OID Value** 2. **issuer** * This claim is optionally used by the attester to bind the EAT to the certificate chain that issued it. If present, **SHALL** match the SUBJECT Common Name of the Attestation Key (AK) Certificate. 3. **Nonce** * This claim is used by the attester to ensure the freshness of the response. It **MUST** be present and **SHALL** be a string or an array of strings. It **SHALL** contain as minimum the nonce value passed by the requester. -4. **measurements** +4. **Measurements** * This claim is used by the attester to present the target environment claims that verifier will consume for the appraisal policy. It **MUST** be present and **SHALL** encapsulate a “concise-evidence” using the appropriate IANA media type. 5. **rim-locators** * This claim is used by the attester to point the verifier to the rim repository. If present, **SHALL** be an array of corim-locator-map (as defined by the IETF CoRIM Draft).
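Review bot: In ietf_eat_ocp_profile.cddl, hunk `@@ -1,6 +1,6 @@`, the new key `EAT Profile` contains a space, which a CDDL identifier cannot, so `&(EAT Profile : 265 ) => ~oid` no longer declares one named key for 265. Commas between group entries are optional in CDDL, so a parser reads `EAT` as a separate entry referring to a rule that is not defined in the visible schema, followed by `Profile : 265`. Use a single token (keep `eat_profile`, or `eat-profile`) and carry the display name in the comment instead. The same map also keeps `iss` in lowercase, so the capitalized form would not be consistent even if it parsed.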
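Review bot: In ietf_eat_ocp_profile.cddl, hunk `@@ -9,7 +9,7 @@`, the comment above the renamed `Measurements` key still says only "defined in section-4.2.16" without naming the document that section belongs to, so a reader of the schema cannot resolve the reference. Since this line is being touched anyway, name the specification in that comment. The trailing context comment "Private Claims (they have to be < -65536 for rfc8392) per RFC 8392" also cites the same RFC twice and could be tightened in the same pass.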
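Review bot: In spec.ocp, hunk `@@ -155,13 +155,13 @@`, items 1 and 4 are renamed but item 2 stays `issuer` while the CDDL in this same patch keys that claim as `iss`, so the prose and the schema still disagree on one of the names this change sets out to align. Either rename item 2 to match or give the claim key next to each item name so the mapping is unambiguous. While here, the Nonce item says the value "**SHALL** be a string or an array of strings", whereas the schema line `&(Nonce : 10) => bstr` allows a single byte string only; a verifier built from one of the two will reject evidence that the other permits, so the freshness claim should have one definition.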