DMTF Shares Plans for Session Keys in SPDM 1.1

Posted on Wed, 08/21/2019 - 09:20

DMTF is detailing the work in progress on its upcoming Security Protocol and Data Model (SPDM) Specification, release 1.1, in a new presentation now available for download. SPDM is developed by DMTF’s Platform Management Components Intercommunication (PMCI) Security Task Force and provides message exchange, sequence diagrams, message formats, and other relevant semantics for authentication, firmware measurement, and certificate retrieval. 
 
Building on SPDM 1.0 standard protocols for device authentication, SPDM 1.1 will define secure session protocols using the following key exchange schemes:  
 
1. SIGMA protocol option – based on ephemeral Diffie-Hellman (DH) key exchange and digital signatures
 
2. Pre-shared secret option – based on a pre-shared secret key known to both endpoints
 
For additional information on SPDM 1.1, please download the full presentation.
 
Designed to be referenced by other standards organizations and developers, DMTF invites public comment on SPDM WIP specifications and activities before they are finalized. Feedback may be submitted on our website at https://www.dmtf.org/standards/feedback/.