My understanding of the use case for server generated keys is for existing, deployed systems where the system can easily get a firmware update, but the hardware TPM itself is unable/unwilling to generate new keys, and can't be upgraded, but keys can be loaded.
Systems like those Hannes' company produces, where the TPM is really a TEE, don't suffer from the upgrade problem, but there are many other systems out there based upon older designs. And it's an optional part of the protocol, one I don't intend to support. I don't see why it should bother anyone.

-- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
Ace mailing list, Ace@ietf.org, https://www.ietf.org/mailman/listinfo/ace