From 78f438d7284b0ef6e821bac9b92858f29c7a52d3 Mon Sep 17 00:00:00 2001
From: Mike Ounsworth
Date: Thu, 11 Jan 2024 16:30:13 -0600
Subject: [PATCH] Added a hint to the RP. closes #70
---
 CSR-ATTESTATION-2023.asn | 8 +++++++-
 draft-ietf-lamps-csr-attestation.md | 17 +++++++++++++++--
 2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/CSR-ATTESTATION-2023.asn b/CSR-ATTESTATION-2023.asn
index a301ba1..dd5149b 100644
--- a/CSR-ATTESTATION-2023.asn
+++ b/CSR-ATTESTATION-2023.asn
@@ -23,6 +23,11 @@ id-aa FROM SecureMimeMessageV3dot1 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) msg-v3dot1(21) }
+
+GeneralName
+ FROM PKIX1Implicit-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
 ;
@@ -66,7 +71,8 @@ EvidenceStatements ::= SEQUENCE OF EvidenceStatement
 EvidenceStatement ::= SEQUENCE {
 type EVIDENCE-STATEMENT.&id({EvidenceStatementSet}),
- stmt EVIDENCE-STATEMENT.&Type({EvidenceStatementSet}{@type})
+ stmt EVIDENCE-STATEMENT.&Type({EvidenceStatementSet}{@type}),
+ hint GeneralName OPTIONAL
 }
 id-aa-evidenceStatement OBJECT IDENTIFIER ::= { id-aa TBDAA }
diff --git a/draft-ietf-lamps-csr-attestation.md b/draft-ietf-lamps-csr-attestation.md
index 537af8b..a4a19db 100644
--- a/draft-ietf-lamps-csr-attestation.md
+++ b/draft-ietf-lamps-csr-attestation.md
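Review bot: The `hint GeneralName OPTIONAL` component added to EvidenceStatement sits beside `stmt` rather than inside it, so any signature the Evidence format carries within `stmt` does not cover the hint, and the only signature over it is the CSR's own, made with the subject key rather than an Attester key. GeneralName includes alternatives such as uniformResourceIdentifier and dNSName, so a Relying Party that used the hint to locate or contact a Verifier would be acting on a requester-controlled value. Neither this hunk nor the Markdown hunk that documents the field says how far the RP may rely on it, so I would add an ASN.1 comment, `hint GeneralName OPTIONAL -- unsigned; selects among Verifiers the RP already trusts`, and a sentence in the Security Considerations stating that the hint MUST only select among Verifiers the RP is already configured to trust and MUST NOT be used to discover or fetch Verifier endpoints. The same point applies to the documentation hunk at @@ -243,9 in draft-ietf-lamps-csr-attestation.md.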
@@ -243,9 +243,22 @@ EvidenceStatements ::= SEQUENCE OF EvidenceStatement
 EvidenceStatement ::= SEQUENCE {
 type EVIDENCE-STATEMENT.&id({EvidenceStatementSet}),
- stmt EVIDENCE-STATEMENT.&Type({EvidenceStatementSet}{@type})
+ stmt EVIDENCE-STATEMENT.&Type({EvidenceStatementSet}{@type}),
+ hint GeneralName OPTIONAL
 }
+~~~
+
+The type is on OID indicating the format of the data contained in stmt.
+The hint is intended for an Attester to indicate to the Relying Party
+which Verifier should be invoked to parse this statement. In many cases,
+the type OID will already uniquely indicate which Verifier to invoke, but
+in some cases it may still be ambiguous, or the type may indicate
+another layer of conceptual message wrapping in which case it is helpful
+to the RP to bring this hint outside of the statement. The contents of
+the hint are out of scope for this document.
+
+~~~
 EvidenceBundles ::= SEQUENCE OF EvidenceBundle
 EvidenceBundle ::= SEQUENCE
@@ -269,7 +282,7 @@ ext-evidence EXTENSION ::= {
 }
 ~~~
-The Extension version is intended only for use within CRMF CSRs and MUST NOT be used within X.509 certificates due to the privacy implications of publishing Evidence about the end entity's hardware environment. See {{security-considerations}} for more discussion.
+The Extension variant is intended only for use within CRMF CSRs and MUST NOT be used within X.509 certificates due to the privacy implications of publishing Evidence about the end entity's hardware environment. See {{security-considerations}} for more discussion.
 The `certs` contains a set of certificates that may be needed to validate the contents of an Evidence statement
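Review bot: `The type is on OID indicating the format of the data contained in stmt.` in the first added prose line should read `The type is an OID indicating the format of the data contained in stmt.`. The paragraph then declares the hint's contents out of scope although the ASN.1 immediately above fixes its type as GeneralName, which leaves an implementer without guidance on which CHOICE alternatives an Attester may emit or an RP must accept; a sentence such as `An RP that does not recognise the GeneralName alternative used in hint MUST ignore it and select a Verifier from the type OID alone.` would close that gap. `bring this hint outside of the statement` reads awkwardly; `carry this hint outside the statement` says the same thing.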