Broken design pattern in the certificate.proto

[robszewczyk]

Problem

Version 1.4 of the DCL introduced extensions to certificate.proto :

  bool isNoc = 15;
  uint32 schemaVersion = 16;

The design pattern is short-sighted and error prone:

• extending this pattern to other types of PKI would suggest additional key types are specified through boolean flags -- e.g. isVidSigner
• specifying additional flags gets very problematic in cases where exactly one of the flags must be true.
• consumers of the API are lulled into a false sense of security w.r.t. default cases -- even in the current design, the client deduces that the certificate comes from the DA PKI by checking isNoc == false. This scheme is destined to break backward compatibility if we introduce any additional certificate chain.

Proposed solution

• Introduce enumeration CertificateType. On day 0, that enumeration would have three values:

  enum CertificateType {
  DeviceAttestationPKI = 0;
  OperationalPKI = 1;
  VIDSignerPKI = 2;
  }

• Rename isNoc to certificateType:

    CertificateType certificateType = 15;

This remains wire compatible with the previous isNoc because both bool and enums are encoded as varints.

[hawk248]

DCL TT : change isNoc to enum as specified here.