The following statement in IEC 62351-5, Subclause 8.2.5.9:
“All devices that permit remote changing of Update Keys shall implement Key Change Method <4>, the symmetric method employing AES-128 for encryption and HMAC-SHA-256 for authentication. All other Update Key Change Methods shall be optional”
does not correspond to Table 35, where option <4> indicates AES-256 (AES-128 is not present in the table).
Issue 2:
In Subclause 7.2.9.2 the Key Change Methods <3> and <67> are not present in Subclause 8.2.5.9, Table 35.
1) Change AES-128 to AES-256 in the above statement at Subclause 8.2.5.9.
2) Remove options <3> and <67> from the list in Subclause 7.2.9.2
Discussion
Created
Status
Resolution for Issue 1.
In subclause 8.2.5.9 the statement in the fourth paragraph shall be corrected to the following text:
"All devices that permit remote changing of Update Keys shall implement Key Change Method
<4>, the symmetric method employing AES-256 for key wrapping and HMAC-SHA-256 for
authentication. All other Update Key Change Methods shall be optional."
Resolution for Issue 2.
In subclause 7.2.9.2, in the list of Key Change Methods values (KCM), the text of KCM 3 and 67 shall be removed and replaced with the word "reserved". See attached file.
10 Jan 25
Approval (Editoral)
For issue 1: I believe it would be more correct to say "AES-256 key wrapping" instead of using "AES-256 for encryption". key wrapping is more than just encrypting something.
For issue 2: We could also decide to add them to table 35 in subclause 8.2.5.9