I'm getting a little bit lost?
Do we talk about Certificates for BPI+ Authentication to proof the legitimate of the cable modem MAC-Address during the registration, where in fact the Manufacturer- and CM-Certificate (which contains the CM RSA Public-Key) is a part of the Baseline Privacy Key Management (BPKM)?
OR
Do we talk about the Secure Software Download (SSD), where the ISP of course can Co-Sign the cable modem monolithic firmware, which is also signed by the Manufacturer CVC CA which normally is independent to the the whole BPI+ section. Also it's clear that the Co-Sign-Mechanism is used for the purpose that the ISP can use only ONE CVC Hex-Value for cable modem firmware from different manufacturers. So he can avoid the problem to generate unique cable modem cfg-files for each manufacturer.
For my feeling the thread starter was looking into the BPI+ direction and not for SSD. So I'm not sure why ABMJR started with the Co-Signer topic at all.
Also, I'm aware that the specification and implementations on the cable routers can allow Self-Signed Certificates for the BPI+ procedure. Mostly because of very old Docsis 1.0 to Docsis 1.1 Transition-Fuckups. But the Co-Signer CVC stuff shouldn't nothing to do with this.
But toniou didn't come back into the discussion, so it's wasted time anyway.
Do we talk about Certificates for BPI+ Authentication to proof the legitimate of the cable modem MAC-Address during the registration, where in fact the Manufacturer- and CM-Certificate (which contains the CM RSA Public-Key) is a part of the Baseline Privacy Key Management (BPKM)?
OR
Do we talk about the Secure Software Download (SSD), where the ISP of course can Co-Sign the cable modem monolithic firmware, which is also signed by the Manufacturer CVC CA which normally is independent to the the whole BPI+ section. Also it's clear that the Co-Sign-Mechanism is used for the purpose that the ISP can use only ONE CVC Hex-Value for cable modem firmware from different manufacturers. So he can avoid the problem to generate unique cable modem cfg-files for each manufacturer.
For my feeling the thread starter was looking into the BPI+ direction and not for SSD. So I'm not sure why ABMJR started with the Co-Signer topic at all.
Also, I'm aware that the specification and implementations on the cable routers can allow Self-Signed Certificates for the BPI+ procedure. Mostly because of very old Docsis 1.0 to Docsis 1.1 Transition-Fuckups. But the Co-Signer CVC stuff shouldn't nothing to do with this.
But toniou didn't come back into the discussion, so it's wasted time anyway.