First version with passport model added. #175

Open
wants to merge 8 commits into
base: main


hannestschofenig (Collaborator) commented Dec 29, 2024

In this PR, I have added the long-awaited support for the passport model to the CSR attestation draft. While the functionality was implicitly present through the use of the conceptual message wrapper, the text previously lacked any explicit explanation.

I understand that introducing this functionality at this stage may seem late. However, I strongly believe we should not publish the draft without it, as there is significant industry interest in supporting both models: the background-check model and the passport model.

ounsworth (Contributor) left a comment

Ok, so you are defining a second pair of extensions / attributes for id-aa-ar that are basically the same but without the layer that allows bundles and certs. ARs must be signed, right? Is it true that ARs never need an external certificate chain? I understand that you don't need a SEQUENCE OF AR, but should there be a SEQUENCE OF CertificateChoices?

I did not read all the new text, but I skimmed it and it seems good.

hannestschofenig (Collaborator, Author)

Two points in response, Mike:

  1. ASN.1 correctness: I’m not entirely sure about the validity of the included ASN.1. It seems we had a bug, which I noticed when extending it with this PR. We should review the ASN.1 carefully during an upcoming call.

  2. Attestation Results certificate chains: Because the standardization efforts for Attestation Results (ARs) are relatively recent, I assumed the AR structure can carry these chains. However, it’s worth verifying this assumption.
