BRSKI provides an algorithm to determine which attribute will be the serial-number of the pledge; the text is attached below.
I am looking for examples of an IDevID that has:
1) a HardwareModuleName rather than a subject DN serialNumber.
2) a HardwareModuleName *as well* as a subject DN serialNumber.
I can probably create them, but I would rather use something produced by a genuine TPM.

(Alternatively, maybe someone can recommend a USB interfaced TPM module that would let me completely own what it does.)

I'd like to include the result in an appendix, as well as use it as test cases in my code.
2.3.1. Identification of the Pledge

In the context of BRSKI, pledges are uniquely identified by a "serial-number". This serial-number is used both in the "serial-number" field of voucher or voucher-requests (see Section 3) and in local policies on registrar or MASA (see Section 5).

The following fields are defined in [IDevID] and [RFC5280]:

o The subject field's DN encoding MUST include the "serialNumber" attribute with the device's unique serial number. (from [IDevID] section 7.2.8, and [RFC5280] section 4.1.2.4's list of standard attributes)

o The subject-alt field's encoding MAY include a non-critical version of the RFC4108 defined HardwareModuleName. (from [IDevID] section 7.2.9) If the IDevID is stored in a Trusted Platform Module (TPM), then this field MAY contain the TPM identification rather than the device's serial number. If both fields are present, then the subject field takes precedence.

and they are used as follows by the pledge to build the "serial-number" that is placed in the voucher-request. In order to build it, the fields need to be converted into a serial-number of "type string". The following methods are used depending on the first available IDevID certificate field (attempted in this order):
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
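The two IDevID shapes asked for above (HardwareModuleName only, and HardwareModuleName alongside a subject serialNumber) can be exercised as test cases without a TPM by constructing just the relevant fields. The example below is added here and is not code from the message, from the BRSKI draft, or from any TPM vendor. It DER-encodes and decodes the RFC 4108 HardwareModuleName structure (SEQUENCE of hwType OID and hwSerialNum OCTET STRING, carried as a subjectAltName OtherName under id-on-hardwareModuleName, 1.3.6.1.5.5.7.8.4) and applies the precedence the draft states: the subject serialNumber wins when present, otherwise the HardwareModuleName is used. The draft's list of conversion methods is cut off in the quoted text, so the base64 encoding of hwSerialNum used here is an assumption, as are the hwType OID and serial values, which are constructed samples rather than anything a real device produced.

```python
import base64

# RFC 4108 OtherName type-id for HardwareModuleName.
ID_ON_HARDWARE_MODULE_NAME = "1.3.6.1.5.5.7.8.4"


def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_length(len(body)) + body


def _encode_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed into one byte, rest base-128."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return _der_tlv(0x06, bytes(out))


def _decode_oid(body: bytes) -> str:
    first = body[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position after the element)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def encode_hardware_module_name(hw_type: str, hw_serial_num: bytes) -> bytes:
    """HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING }"""
    return _der_tlv(0x30, _encode_oid(hw_type) + _der_tlv(0x04, hw_serial_num))


def decode_hardware_module_name(der: bytes):
    """Strict decode of the OtherName value; rejects trailing or mistyped data."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("HardwareModuleName must be a single SEQUENCE")
    tag, oid_body, pos = _read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("hwType must be an OBJECT IDENTIFIER")
    tag, serial, pos = _read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("hwSerialNum must be the final OCTET STRING")
    return _decode_oid(bytes(oid_body)), bytes(serial)


def pledge_serial_number(subject_serial_number, other_names) -> str:
    """Build the voucher-request serial-number from the first available field.

    subject_serial_number: value of the subject DN serialNumber attribute, or None.
    other_names: list of (type-id OID, DER value) tuples from subjectAltName OtherName entries.
    The subject field takes precedence, as the draft states; the base64 conversion of
    hwSerialNum is an assumption of this example.
    """
    if subject_serial_number is not None:
        return subject_serial_number
    for type_id, value in other_names:
        if type_id == ID_ON_HARDWARE_MODULE_NAME:
            _, hw_serial = decode_hardware_module_name(value)
            return base64.b64encode(hw_serial).decode("ascii")
    raise ValueError("IDevID has neither a subject serialNumber nor a HardwareModuleName")


# Constructed sample values (placeholders, not from any real TPM or vendor).
SAMPLE_HW_TYPE = "1.3.6.1.4.1.99999.1.2"
SAMPLE_HW_SERIAL = bytes(range(8))


def build_test_cases():
    """Case 1: HardwareModuleName only.  Case 2: both fields present."""
    hmn = (ID_ON_HARDWARE_MODULE_NAME,
           encode_hardware_module_name(SAMPLE_HW_TYPE, SAMPLE_HW_SERIAL))
    return {
        "hmn_only": pledge_serial_number(None, [hmn]),
        "both": pledge_serial_number("PLEDGE-0001", [hmn]),
    }


if __name__ == "__main__":
    for name, serial in build_test_cases().items():
        print(name, serial)
```

A registrar-side parser would take the OtherName value straight out of the certificate's subjectAltName extension; the strict decoder rejects trailing bytes so that two differently encoded values cannot map to the same serial-number string.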
