Skip to content

Commit 330d0e4

Browse files
fdamatofdamato
committed
EAT Profile: Keeping only ECDSA for the initial profile
Signed-off-by: Fabrizio Damato <[email protected]>
1 parent 5dc1425 commit 330d0e4

File tree

1 file changed

+23
-69
lines changed

1 file changed

+23
-69
lines changed

specifications/ietf-eat-profile/spec.ocp

Lines changed: 23 additions & 69 deletions
Original file line numberDiff line numberDiff line change
@@ -275,95 +275,49 @@ levels for data center environments.
275275

276276
### Supported Algorithms
277277

278-
Implementations of this profile **SHALL** support **one** of the
279-
following COSE algorithms for the COSE_Sign1 signature:
280-
281-
1. **ECDSA with P-384 and SHA-384** (COSE Algorithm ID: -35)
282-
* **Algorithm**: ES384 as defined in [@{ietf-rfc9052}]
283-
* **Curve**: NIST P-384
284-
* **Hash**: SHA-384
285-
* **Key Size**: 384 bits
286-
* **Security Level**: 192-bit classical security
287-
* **Signature Size**: ~96 bytes
288-
* **Public Key Size**: 97 bytes (uncompressed point)
289-
* **Private Key Size**: 48 bytes
290-
* **Profile OID**: **TODO: OCP to assign OID for ECDSA-P384 profile**
291-
292-
2. **ML-DSA-87** (COSE Algorithm ID: -50)
293-
* **Algorithm**: ML-DSA-87 (FIPS 204) as defined in
294-
[@{ietf-cose-dilithium}]
295-
* **Security Level**: Category 5 (256-bit classical, 128-bit quantum) as defined in [@{nist-fips-204}]
296-
* **Signature Size**: ~4,627 bytes
297-
* **Public Key Size**: 2,592 bytes
298-
* **Private Key Size**: 4,896 bytes
299-
* **Hash**: SHAKE256
300-
* **Profile OID**: **TODO: OCP to assign OID for ML-DSA-87 profile**
301-
* **Note: Algorithm ID: -50 is a temporary allocation. However, it is expected to become permanent
302-
303-
### Profile OID Usage
304-
305-
The **EAT Profile** claim (claim key: 265) **MUST** contain the OID
306-
corresponding to the algorithm used for signing the CWT:
307-
308-
* When signed with ECDSA-P384, use the ECDSA-P384 profile OID
309-
* When signed with ML-DSA-87, use the ML-DSA-87 profile OID
310-
311-
This allows verifiers to immediately identify both the profile version and
312-
the expected signature algorithm without parsing the COSE headers.
313-
314-
### Algorithm Selection Guidelines
315-
316-
The choice of algorithm **SHALL** be determined by:
317-
318-
1. Attester capabilities
319-
2. Deployment security requirements (classical vs. post-quantum)
320-
3. Size constraints and bandwidth considerations
321-
4. Certificate chain algorithm consistency
322-
323-
**Certificate Chain Consistency**: The algorithm used for CWT signing
324-
**SHOULD** be consistent with the algorithm used in the Attestation Key
325-
certificate chain, though this is not strictly required.
278+
Implementations of this profile **SHALL** support the following COSE
279+
algorithm for the COSE_Sign1 signature:
280+
281+
**ECDSA with P-384 and SHA-384** (COSE Algorithm ID: -35)
282+
* **Algorithm**: ES384 as defined in [@{ietf-rfc9052}]
283+
* **Curve**: NIST P-384
284+
* **Hash**: SHA-384
285+
* **Key Size**: 384 bits
286+
* **Security Level**: 192-bit classical security
287+
* **Signature Size**: ~96 bytes
288+
* **Public Key Size**: 97 bytes (uncompressed point)
289+
* **Private Key Size**: 48 bytes
290+
* **Profile OID**: **TODO: OCP to assign OID for ECDSA-P384 profile**
326291

327292
### Size Implications
328293

329294
Implementations **MUST** account for the following signature size
330295
implications when calculating total CWT size against the 64kB limit:
331296

332297
* **ECDSA-P384**: ~96 bytes signature size
333-
* **ML-DSA-87**: ~4,627 bytes signature size
334-
335-
**Note**: When using ML-DSA-87, implementors should carefully consider the
336-
available space for claims and certificate chains within the 64kB total
337-
size limit. The large signature size may necessitate more compact
338-
certificate chains or reduced optional claims.
339298

340299
### COSE Header Requirements
341300

342301
The COSE_Sign1 protected header **MUST** include:
343302

344-
* **alg** (label 1): The COSE algorithm identifier (-35 for ES384 or -50
345-
for ML-DSA-87)
346-
* Additional algorithm-specific parameters as required by the chosen
347-
algorithm
303+
* **alg** (label 1): The COSE algorithm identifier (-35 for ES384)
304+
* Additional algorithm-specific parameters as required by the algorithm
348305

349306
The COSE_Sign1 unprotected header **MUST** include:
350307

351308
* **x5chain** (label 33): Certificate chain as specified in the main
352309
specification
353310

354-
### Implementation Notes
355-
356-
**Migration Path**: The dual algorithm support provides a clear migration
357-
path from classical to post-quantum cryptography while maintaining current
358-
security levels during the transition period.
359-
360311
### Future Algorithm Support
361312

362-
This profile may be updated to include additional COSE algorithms as they
363-
become standardized and relevant for data center attestation use cases.
364-
When new algorithms are added, a new profile OID will be assigned to
365-
support each additional algorithm, maintaining clear identification and
366-
backward compatibility with existing implementations.
313+
This profile serves as the base for ECDSA-based attestation. Additional
314+
profiles will be derived from this specification when post-quantum
315+
cryptography algorithms become standardized. For example, when
316+
[@{ietf-cose-dilithium}] becomes an RFC, a new profile with a distinct
317+
OID will be assigned to support ML-DSA algorithms. Each new algorithm
318+
profile will maintain the same claim structure and overall architecture
319+
while specifying the appropriate cryptographic parameters for that
320+
algorithm.
367321

368322
## Concise Evidence
369323

0 commit comments

Comments
 (0)