add stateless nonces

cddl/epoch-marker.cddl

@@ -21,3 +21,4 @@ $tagged-epoch-id /= #6.26981(TST-info-based-on-CBOR-time-tag)
 $tagged-epoch-id /= #6.26982(multi-nonce)
 $tagged-epoch-id /= #6.26983(multi-nonce-list)
 $tagged-epoch-id /= #6.26984(strictly-monotonic-counter)
+$tagged-epoch-id /= #6.26985(stateless-nonce)

cddl/frag.mk

@@ -6,5 +6,6 @@ EPOCH_MARKER_FRAGS += multi-nonce.cddl
 EPOCH_MARKER_FRAGS += strictly-monotonic-counter.cddl
 EPOCH_MARKER_FRAGS += tst-info.cddl
 EPOCH_MARKER_FRAGS += non-empty.cddl
+EPOCH_MARKER_FRAGS += stateless-nonce.cddl
 
 EPOCH_MARKER_EXAMPLES := $(wildcard examples/*.diag)

cddl/stateless-nonce.cddl

@@ -0,0 +1,19 @@
+stateless-nonce = [
+  TimeToken
+  AuthTag: bstr .size 20
+]
+
+; AuthTag is the HMAC w/ SHA-1 computed over the CBOR serialisation of
+; TimeToken
+
+TimeToken = (
+  Version: bytes .size 1
+  KeyID: bytes .size 1
+  Timestamp: posix-time
+  Pad: bytes
+)
+
+; Pad carries no meaning; it is just pad bytes to make stateless-nonce
+; the desired size
+
+posix-time = #6.1(int)

draft-birkholz-rats-epoch-markers.md

@@ -197,6 +197,18 @@ The counter context is defined by the Epoch bell.
 {::include cddl/strictly-monotonic-counter.cddl}
 ~~~~
 
+### Stateless Nonce
+
+In a highly available service (e.g., a cloud attestation verifier) having to
+keep per-session nonce state poses scalablity problems.  An alternative is to
+use time synchronised servers that share a symmetric key and let which produce
+and consume nonces based on coarse-grained clock ticks signed using the shared
+secret.
+
+~~~~ CDDL
+{::include cddl/stateless-nonce.cddl}
+~~~~
+
 # Security Considerations
 
 TODO