What is new and what I need to take into consideration for the implementation of -20
Mutual TLS:
In -2, the EV verified the charging point over TLS 1.2. In the new standard, ISO15118-20, verification over TLS 1.3 is mutual: not only does the EV verify the charging point, but the charging point also verifies that an EV is connected to it.
New Certificate crypto-curve:
As the market matures and usage grows, the standards must keep up and make the processes more secure; therefore, in the new -20 standard, certificates use more secure algorithms. The new standard states that certificates must use secp521 or ed448. Our current PKI is adapted to sign certificates with secp521.
Larger Certificate size and cert-chain:
A more secure algorithm also changes the size of the certificate: the certificate size increases up to a maximum of 1600 bytes. In addition, unlike -2, -20 allows up to 5 certificate chains due to Cross Signing.
SECCID Defined for CPO leaf cert:
In ISO15118-2, the Common Name (CN) in the leaf certificate of the charging point was defined as the CPID, for which we, Hubject, recommend using the EVSEID. In the new version of the standard, only the SECCID can be in the CN of the leaf certificate of the charging point.
The SECCID is defined as follows:
<SECCID> = <Country Code> <S> <ID Type> <S> <ControlerID> <S> <Check Digit>
For further information about the REGEX, please click here.
Vehicle Certificate:
In -20, not only does the vehicle verify the charging point, but the charging point also verifies the vehicle. The Vehicle Certificate is therefore added to the process, so that the charging point can verify that a vehicle is plugged in on the other side of the connection.
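The difference described under "Mutual TLS" and "Vehicle Certificate", seen from the charging point (TLS server) side, as an added example that is not Hubject's or the standard's own code. The function names, profile labels, finding strings and file parameters are assumptions made for illustration; only the Python standard library is used.

```python
import ssl

def make_secc_context(profile, cert=None, key=None, vehicle_roots=None):
    """Build the charging point's TLS server context (hypothetical helper)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if cert:
        ctx.load_cert_chain(cert, key)  # charging point leaf certificate and chain
    if profile == "-2":
        # -2 as described above: TLS 1.2, only the EV verifies its peer.
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        ctx.verify_mode = ssl.CERT_NONE
    elif profile == "-20":
        # -20: TLS 1.3 and the handshake fails unless the EV presents
        # a Vehicle Certificate that chains to a trusted root.
        ctx.minimum_version = ssl.TLSVersion.TLSv1_3
        ctx.verify_mode = ssl.CERT_REQUIRED
        if vehicle_roots:
            ctx.load_verify_locations(cafile=vehicle_roots)
    else:
        raise ValueError("profile must be '-2' or '-20'")
    return ctx

def audit_for_20(ctx):
    """Return the reasons a server context does not give -20 style mutual TLS."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_3:
        findings.append("tls-below-1.3-accepted")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("vehicle-certificate-not-required")
    elif ctx.cert_store_stats()["x509_ca"] == 0:
        # Client certificates are required but no root is loaded:
        # every vehicle would be rejected.
        findings.append("no-vehicle-trust-anchor")
    return findings

if __name__ == "__main__":
    for profile in ("-2", "-20"):
        print(profile, audit_for_20(make_secc_context(profile)))
```

Run without certificate files, the -20 context still reports a missing trust anchor; passing a root bundle as vehicle_roots clears it.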
PCID:
In ISO15118-20, the PCID is defined with a new syntax that helps to identify that a value is a PCID:
<PCID> = <WMI> <S> <ID Type> <S> <OEM's own unique ID> <S> <Check Digit>
According to the standard, the ID Type should be the letter “P”, which indicates that the value is a PCID. For more information about the new syntax, please see section C.2.1 PCID Syntax in the ISO15118-20 standard.
Additional Call in Hubject PnC Ecosystem:
Because it can handle 2 different standards, our system is prepared to handle certificates that have the same PCID in the ISO15118-2 and -20 versions. That means there can be two provisioning certificates with the same PCID; one can be signed using signature algorithm SHA256 and the other SHA512. For the MO to know which signature algorithms a PCID has, the following request provides the signature algorithms for that PCID: GetProvisioningCertificateSignatureAlgorithms
For more information on what has been added in each service, please check the following links, which show the added parameters.