
Documentation: some questions + feedback on the README's content #49

@loicsikidi


Hi,

First and foremost, thank you for the initiative of this repo and the clarity of the README 👏!

Nonetheless, I have some questions regarding some of the statements I've seen, and I would like to have your feedback.

Please find them below:

  1. Section "3. Switch owner uses EK (or EK cert) to issue LAK cert" > Cons

     We can find « Switch vendors need to support issuance of LAKs. » Shouldn't it be « Switch owners need to support issuance of LAKs. », knowing that LAKs belong to the switch owner? If I'm right, is it really a drawback?

  2. Section "4. Switch owner issues LAK cert based on IAK cert signed by switch vendor CA" > Cons

     Same remark as above.

  3. If I understand correctly, in your design the oIDevID (provisioned by EnrollZ) is ONLY used in order to interact w/ the AttestZ service (i.e. the gRPC server).

     The doc says « Once the attestation workflow is complete for both control cards, AttestZ service will provision the device with mTLS credentials/certs ».

     I have a question regarding these mTLS credentials: can they be referred to as an LDevID, or are they something unrelated to the certs defined in "TPM 2.0 Keys for Device Identity and Attestation"?

Thanks in advance for your answers 🙏!

KR,
