

Subject: Re: [ocpp] Groups - Request for Change - OCPP Security uploaded


Hi Marc,

15118 is a different RFC; this security RFC was not developed with a focus on 15118. Please look at:
https://www.oasis-open.org/apps/org/workgroup/ocpp/download.php/58931/RFC15118.pdf

@Jonel: Is there an update for this document?
Is Marc in the loop for the development of the 15118 RFC?

Kind regards,
Robert de Leeuw

IHomer
Hoge Ham 85
5104 JC Dongen

John F. Kennedylaan 3
5555 XC Valkenswaard

T: +31 6 2857 2123
E: robert.de.leeuw@ihomer.nl

2016-11-09 12:15 GMT+01:00 Marc Mültin <marc.mueltin@v2g-clarity.com>:
Ah, I forgot to mention one very important thing:

Currently, OCPP is missing a data structure to transmit the information contained in the so-called CertificateInstallationResponse message, which the EVSE needs to send to the EV during the installation process of a contract certificate.
There is currently a working group headed by me which is working on a VDE Rules of Application document which defines the certificate handling of ISO 15118 for the "secondary actors" (as the ISO 15118 calls them), so the CPOs (Charge Point Operators), OEMs and MOs (Mobility Operators) mainly. This will probably be available by the end of this year, at first in German and then (hopefully very fast) translated into English. This will be a very helpful insight for the Security task group.

Attached you find an XML representation of an exemplary CertificateInstallationRes (will be part of the above-mentioned document) which has the following elements in its body:
- SAProvisioningCertificateChain: A certificate chain belonging to the so-called Certificate Provisioning Service which signs the contract certificate and key material (to be checked by the EV)
- ContractSignatureCertChain: The contract certificate chain originated by the mobility operator who issues the contract certificate
- ContractSignatureEncryptedPrivateKey: The encrypted private key which belongs to the contract certificate (and with which the EV signs some messages)
- DHpublicKey: The Diffie-Hellman public key parameter as part of the encryption/decryption process for the encrypted private key of the contract certificate
- eMAID: The EMAID for the contract certificate

We need to make sure that these data elements can be transferred from the Central Server to the Charge Point with OCPP (including the header with its signatures).



Best,

Dr.-Ing. Marc Mültin
V2G Clarity


Expert knowledge and blog on e-mobility and the Vehicle-2-Grid communication standard ISO 15118 at:



On 08.11.2016 at 21:30, Robert de Leeuw <robert.de.leeuw@ihomer.nl> wrote:

Submitter's message
I have received an updated version of the Security RFC.
If you are participating in the Security call on Wednesday and haven't read the Security proposal, please take some time to browse through it.

Kind regards

Robert de Leeuw (IHomer)
-- Mr. Robert de Leeuw
Document Name: Request for Change - OCPP Security

Description
This document describes a security specification for the OCPP protocol. The
OCPP protocol is used to connect Electric Vehicle Charge Points to the
Central System. The security specification was prepared by ENCS on request
of ElaadNL to support the further development and standardization of OCPP.
It is based amongst others on the end-to-end security design prepared for
Elaad by LaQuSo [22].

Submitter: Mr. Robert de Leeuw
Group: OASIS OCPP Electric Vehicle Charging Equipment Data Exchange TC
Folder: Contributions
Date submitted: 2016-11-08 04:29:59
Revision: 1





