Post by ratagupt on Feb 23, 2022 9:15:28 GMT
Hi Team,

In the ComponentIntegrity resource (https://redfish.dmtf.org/schemas/v1/ComponentIntegrity.v1_0_0.json), ComponentIntegrity->SPDM->IdentityAuthentication->ResponderAuthentication->ComponentCertificate is of type redfish.dmtf.org/schemas/v1/Certificate.v1_5_0.json#/definitions/Certificate. I can see that only the following values are allowed for the CertificateType:

"CertificateType": { "enum": [ "PEM", "PEMchain", "PKCS7" ],

The SPDM spec (https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.0.1.pdf) says that the certificate will be in DER format. Can we add the DER format too in the above CertificateType? "Each certificate shall be in ASN.1 DER-encoded X.509 v3 format. The ASN.1 DER encoding of each individual certificate can be analyzed to determine its length." If this is not allowed, then the Redfish server has to convert the DER format to PEM, which seems to me to be extra processing on the Redfish server.

Thanks

Post by mraineri on Feb 23, 2022 13:49:08 GMT
Since Redfish is string based and both DER and PEM contain the same certificate structures, the forum preferred to keep the format to PEM. I would expect that services consuming and reporting SPDM device certificates would be converting the certificate payload into the PEM format. It's not possible to represent DER in a Redfish resource without performing other conversions to turn it into some sort of string, so even if we were to add DER, there will still be extra processing required.
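
The conversion discussed in this thread, as an added example that is not part of either post and is not DMTF code: it walks concatenated DER certificates using their ASN.1 lengths (as the quoted SPDM text describes) and emits a PEM string for the Redfish CertificateString property. The function names are hypothetical, the input is assumed to be the certificate bytes only (any chain header already removed), and the sample bytes are constructed placeholders, not real X.509 certificates.

```python
import base64

def der_total_length(buf: bytes, off: int) -> int:
    """Total size (header + content) of the DER SEQUENCE starting at off."""
    if off + 2 > len(buf) or buf[off] != 0x30:
        raise ValueError(f"no DER SEQUENCE at offset {off}")
    first = buf[off + 1]
    if first < 0x80:                       # short form: length in one byte
        header, content = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or off + 2 + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        content = int.from_bytes(buf[off + 2:off + 2 + n], "big")
        if content < 0x80 or buf[off + 2] == 0:
            raise ValueError("non-minimal length encoding is not valid DER")
        header = 2 + n
    if off + header + content > len(buf):
        raise ValueError("certificate runs past end of buffer")
    return header + content

def split_der_certs(blob: bytes) -> list:
    """Split back-to-back DER certificates into individual byte strings."""
    certs, off = [], 0
    while off < len(blob):
        size = der_total_length(blob, off)
        certs.append(blob[off:off + size])
        off += size
    return certs

def der_to_pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

def redfish_certificate_payload(blob: bytes) -> dict:
    """Build the CertificateType/CertificateString pair for a Redfish resource."""
    pems = [der_to_pem(c) for c in split_der_certs(blob)]
    return {"CertificateType": "PEM" if len(pems) == 1 else "PEMchain",
            "CertificateString": "".join(pems)}

# Constructed placeholders: one short-form and one long-form SEQUENCE.
SAMPLE_CERT_A = bytes([0x30, 0x03, 0x01, 0x02, 0x03])
SAMPLE_CERT_B = bytes([0x30, 0x81, 0x80]) + bytes(range(128))
SAMPLE_CHAIN = SAMPLE_CERT_A + SAMPLE_CERT_B

if __name__ == "__main__":
    print(redfish_certificate_payload(SAMPLE_CHAIN)["CertificateString"])
```
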