Dear Harald,
Thanks for the answer.
that is true, and has been very clear from the very beginning of the eSIM universe. It's a *MASSIVE* shift of control from "whoever is technically capable to issue a chip card with an UICC/USIM profile on it" to a single, centralized entity of control. It's one of my main criticisms of this scheme.
No doubt, this is terrible. And I am not even sure how soon we will see the increase of UEs that have no physical SIM slots at all...
The eUICC specifications explicitly permit multiple roots of trust, and I have personally successfully created such eUICCs.
It's just that the eUICCs don't offer anyone the addition of such roots of trust except [even that optionally] the EUM (eUICC manufacturer).
Yeah, this would be a solution if I want to build my own UEs and can embed an EUM eUICC, so I can upload my own certs, then I could use my own SM-DP+ and eSIM profiles. Not really an option for private network operators with commercial UEs at play unfortunately.
sysmocom does not have any plans to operate a GSMA-accredited SM-DP+ itself. However, we do work with partners who do and we are able to issue GSMA-signed eSIM profiles. If I weren't constantly distracted by other tasks, we would also have completed the development of a web-based platform where customers can personalize such profiles - sadly that is still WIP at this point. But we can do it manually, if you have a UPP that you'd want to get signed.
Shall I reach out to you in private to further discuss this?
Regards, Csaba