laforge has submitted this change. ( https://gerrit.osmocom.org/c/pysim/+/35692?usp=email )

Change subject: docs: Update osmo-smdpp with pointer to sysmoEUICC1-C2T and SGP.26 ......................................................................

docs: Update osmo-smdpp with pointer to sysmoEUICC1-C2T and SGP.26

Change-Id: Id031ca48549a3c2ac21c93a169262570843d8e2d --- M docs/osmo-smdpp.rst 1 file changed, 28 insertions(+), 0 deletions(-)

Approvals: Jenkins Builder: Verified laforge: Looks good to me, approved

diff --git a/docs/osmo-smdpp.rst b/docs/osmo-smdpp.rst index 5687fc6..a84ebee 100644 --- a/docs/osmo-smdpp.rst +++ b/docs/osmo-smdpp.rst @@ -19,6 +19,8 @@

osmo-smdpp currently

+* uses test certificates copied from GSMA SGP.26 into `./smdpp-data/certs`, assuming that your osmo-smdppp + would be running at the host name `testsmdpplus1.example.com` * always provides the exact same profile to every request. The profile always has the same IMSI and ICCID. * **is absolutely insecure**, as it @@ -91,3 +93,20 @@

It must also accept the TLS certificates used by your TLS proxy.

+Supported eUICC +~~~~~~~~~~~~~~~ + +If you run osmo-smdpp with the included SGP.26 certificates, you must use an eUICC with matching SGP.26 +certificates, i.e. the EUM certificate must be signed by a SGP.26 test root CA and the eUICC certificate +in turn must be signed by that SGP.26 EUM certificate. + +sysmocom (sponsoring development and maintenance of pySim and osmo-smdpp) is selling SGP.26 test eUICC +as `sysmoEUICC1-C2T`. They are publicly sold in the `sysmocom webshop https://shop.sysmocom.de/eUICC-for-consumer-eSIM-RSP-with-SGP.26-Test-Certificates/sysmoEUICC1-C2T`_. + +In general you can use osmo-smdpp also with certificates signed by any other certificate authority. You +just always must ensure that the certificates of the SM-DP+ are signed by the same root CA as those of your +eUICCs. + +Hypothetically, osmo-smdpp could also be operated with GSMA production certificates, but it would require +that somebody brings the code in-line with all the GSMA security requirements (HSM support, ...) and operate +it in a GSMA SAS-SM accredited environment and pays for the related audits.