SPDM Cryptography Selection #121
-
Current LIBSPDM hardcodes the selection in https://github.com/DMTF/libspdm/blob/main/library/spdm_responder_lib/algorithms.c; search for *_priority_table.
-
The OCP attestation specification also has guidelines for cryptography algorithm support.
-
PCISIG "CMA ECN" mentions the requirements below:
Responders must, for BaseAsymAlgo, support one or more of the following:
Requesters and responders must, for MeasurementHashAlgo, support one or both of the following:
-
I wrote this chunk of the OCP spec. The idea was to align with both CMA allowed values, so the minimums are based on CMA, and also to align with CNSA, which OCP references.
-
An open question: Do we want to provide a hook to let the SPDM consumer decide what the priority list is? E.g. between RSA3072 and ECDSA256, which is preferred?
-
This blog post details how the golang TLS library presents cryptography suites to developers. Seems applicable to SPDM as it leverages a lot from TLS.
https://go.dev/blog/tls-cipher-suites
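Added example, not part of the thread and not libspdm code: a sketch of the consumer-supplied priority list raised in the open question, contrasted with a fixed `*_priority_table`. The function `select_algo`, the three tables and the macro names are hypothetical; the bit values follow the SPDM BaseAsymAlgo assignments.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local names for three SPDM BaseAsymAlgo bits (values per DSP0274). */
#define ALGO_RSASSA_3072 0x00000004u
#define ALGO_ECDSA_P256  0x00000010u
#define ALGO_ECDSA_P384  0x00000080u

/* Constructed consumer policies, most preferred entry first. */
static const uint32_t prefer_ecdsa[] = { ALGO_ECDSA_P384, ALGO_ECDSA_P256, ALGO_RSASSA_3072 };
static const uint32_t prefer_rsa[]   = { ALGO_RSASSA_3072, ALGO_ECDSA_P384, ALGO_ECDSA_P256 };
static const uint32_t p384_only[]    = { ALGO_ECDSA_P384 };

/* Hypothetical hook: walk a caller-supplied priority table and return the
 * first algorithm that both sides support. Returns 0 when nothing matches,
 * so the caller can fail the negotiation instead of falling back silently.
 * The table also acts as an allow-list: an algorithm both peers support
 * but the table omits is never selected. */
uint32_t select_algo(const uint32_t *priority, size_t count,
                     uint32_t local_supported, uint32_t peer_offered)
{
    uint32_t common = local_supported & peer_offered;

    for (size_t i = 0; i < count; i++) {
        uint32_t candidate = priority[i];
        /* Ignore malformed entries: each slot must be exactly one bit. */
        if (candidate == 0 || (candidate & (candidate - 1)) != 0)
            continue;
        if (common & candidate)
            return candidate;
    }
    return 0;
}

int main(void)
{
    /* Constructed capability masks for the two endpoints. */
    uint32_t local = ALGO_RSASSA_3072 | ALGO_ECDSA_P256;
    uint32_t peer  = ALGO_RSASSA_3072 | ALGO_ECDSA_P256 | ALGO_ECDSA_P384;

    printf("prefer_ecdsa -> 0x%08x\n", (unsigned)select_algo(prefer_ecdsa, 3, local, peer));
    printf("prefer_rsa   -> 0x%08x\n", (unsigned)select_algo(prefer_rsa, 3, local, peer));
    printf("p384_only    -> 0x%08x\n", (unsigned)select_algo(p384_only, 1, local, peer));
    return 0;
}
```

With the same two capability masks, the RSA3072 versus ECDSA256 outcome depends only on the table order, and a table that omits both yields no selection at all.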