The spec is silent on what the purpose of this field is, what it should contain, and who defines the value to put in it. The example in the spec just has the value "Primary TEE", which implies it's an arbitrary string. But that would probably be broken, since if there are two TEEs from different vendors and they choose the same string, then you get a collision.
Is it supposed to be a type like "Intel SGX" or "OP-TEE"?
Is it supposed to be an instance name like a hostname, or a GUID, that is different per device?
In addition, the TEE cert can have claims embedded in certificate extensions, and so it's unclear why a separate name is needed at all, rather than it being inside the cert where it can be created by and used by other standard attestation mechanisms.
Another implementer mentioned the field is ignored and just has dummy values in their implementation.
If there is some reason a unique value per manufacturer (e.g., "Intel SGX" vs. "OP-TEE", etc.) is needed, do we need an IANA registry? Or can we use a reverse DNS name ("com.intel.sgx", "org.op-tee", etc.)?
Or should the field be deleted?