On Fri, Dec 23, 2016 at 7:06 PM, James Bottomley <[email protected]> wrote:

> The reason this comes about is because we already have a standard form
> for TPM 1.2 keys here:
> http://david.woodhou.se/draft-woodhouse-cert-best-practice.html#ident-tpm
> However, since I'm working on TPM2 enabling for openssl and gnutls, I
> need to come up with a new key format because TPM2 requires some extra
> parameters and the original TSS KEY BLOB, being a single
> ASN1_OCTET_STRING isn't expandable.

[...]

> I'm torn on where to get the OIDs from. Since this is a TPM key, it
> might make sense to use the TCG OID (2.23.133) and just add something
> they haven't already used, like 10 for key formats, or we could go with
> a pkcs OID (1.2.840.113549.1)
OIDs under some umbrella normally need to be registered within the
organization they belong to. If you cannot find a suitable organization
to get these OIDs from I'll check whether we can get something under
redhat's OIDs.

> If we can agree on this, we can update David's document and make it a
> formal RFC.

Shouldn't version be first? However, I'm not sure how expandable ASN.1 is
using version fields (I've seen no structure being able to be re-used
using a different version). An alternative approach would be to allow for
future extensions, i.e., something like the PKIX Extension field, which
is an OID+data.

regards,
Nikos
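
The OID+data extension approach suggested in the reply above, sketched as an added example that is not part of the original message or of any project's code: a parser that knows only one extension still reads a key carrying a newer one, and refuses an unknown extension marked critical (the optional critical flag follows the PKIX Extension definition). The key layout, the `extra_param` name and the 2.999.x example-arc OIDs are hypothetical.

```python
# Added example: minimal DER reader, not a full validator. The key layout,
# the "extra_param" name and the 2.999.x OIDs are hypothetical.
OID_PARAM, OID_FUTURE = bytes.fromhex("883701"), bytes.fromhex("883702")  # 2.999.1, 2.999.2
KNOWN = {OID_PARAM: "extra_param"}  # all that this older parser understands

def tlv(tag, body):
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def children(body):  # split SEQUENCE contents into (tag, value) pairs
    pos, out = 0, []
    while pos + 2 <= len(body):
        tag, n = body[pos], body[pos + 1]
        pos += 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n = int.from_bytes(body[pos:pos + k], "big")
            pos += k
        out.append((tag, body[pos:pos + n]))
        pos += n
    if pos != len(body):  # any overshoot or leftover byte ends up here
        raise ValueError("truncated or trailing DER")
    return out

def extension(oid, value, critical=False):  # OID [+ critical BOOLEAN] + data
    flag = tlv(0x01, b"\xff") if critical else b""
    return tlv(0x30, tlv(0x06, oid) + flag + tlv(0x04, value))

def make_key(blob, extensions):  # SEQUENCE { OCTET STRING, SEQUENCE OF Extension }
    return tlv(0x30, tlv(0x04, blob) + tlv(0x30, b"".join(extensions)))

def parse_key(der, known=KNOWN):
    [(tag, body)] = children(der)
    (t1, blob), (t2, exts) = children(body)
    if (tag, t1, t2) != (0x30, 0x04, 0x30):
        raise ValueError("unexpected key layout")
    found = {}
    for _, ext in children(exts):
        fields = children(ext)
        oid, value = fields[0][1], fields[-1][1]
        if oid in known:
            found[known[oid]] = value
        elif len(fields) == 3 and fields[1] == (0x01, b"\xff"):
            raise ValueError("unknown critical extension")  # must not be ignored
    return blob, found

# Constructed sample: a key written by a newer tool that also emits OID_FUTURE.
SAMPLE = make_key(bytes(200), [extension(OID_PARAM, b"\x01"), extension(OID_FUTURE, b"later")])
```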
