Certificate OIDs #32
Labels
Comments
It won't be for long, so if you want it to be resolved in 1.3 you should file an issue today (preferably yesterday). |
varuns-nvidia
added
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There had been a question of what kind of SPDM OIDs we might need to add to the alias certs generated by Caliptra. We discussed how SPDM is introducing the "generic certificate model" where no OIDs are needed, so no problem here. However, in the latest draft, SPDM Slot 0 is required to use either the Device cert model or Alias cert model, and not the Generic cert model.
That being said, there is no "shall" requirement directing the use of these OIDs - they are only "strongly recommended for new deployments".
SPDM 1.3 is still in draft form. We could ask that the stricture against generic certs in slot 0 be lifted. Or, we could work to add the necessary OIDs in the certs generated by Caliptra. In either case I don't think any changes are necessary to ROM.
The text was updated successfully, but these errors were encountered: