list certificates {
description
"The TPM's endorsement-certificate.";
container certificate {
leaf certificate-name {
type string;
description
"An arbitrary name for this identity certificate or
certificate chain.";
}
leaf certificate-type {
type enumeration {
enum endorsement-cert {
value 0; }
enum attestation-cert {
value 1;
}
}
description "Type of this certificate";
}
leaf certificate-value {
type ietfct:end-entity-cert-cms;
In network equipment following , there should exist IAK cert and LAK cert, so should we modify certificate-type as follows:
leaf certificate-type {
type enumeration {
enum endorsement-cert {
value 0;
description
"EK Cert type.";
}
**enum initial-attestation-cert {
value 1;
description
"IAK Cert type.";
}
enum local-attestation-cert {
value 2;
description
"LAK Cert type.";
}**
}
description "Type of this certificate";
}
Should we add AK information leaf node in certificate structure for LAK certificate verification? as follows:
leaf ak-public-struture {
type binary;
description
"Marshlled AK public structure, used for LAK certificate verification.";
}
list certificates { description "The TPM's endorsement-certificate."; container certificate { leaf certificate-name { type string; description "An arbitrary name for this identity certificate or certificate chain."; } leaf certificate-type { type enumeration { enum endorsement-cert { value 0; } enum attestation-cert { value 1; } } description "Type of this certificate"; } leaf certificate-value { type ietfct:end-entity-cert-cms;
In network equipment following, there should exist IAK cert and LAK cert, so should we modify certificate-type as follows:
leaf certificate-type { type enumeration { enum endorsement-cert { value 0; description "EK Cert type."; }
Should we add AK information leaf node in certificate structure for LAK certificate verification? as follows: leaf ak-public-struture { type binary; description "Marshlled AK public structure, used for LAK certificate verification."; }