This modification was implemented on 11 September 2023.
What is the issue?
Smart Energy Code (SEC) Appendix Z ‘CPL Requirements Document’ requires the Panel to check that a communication requesting a firmware Image to be associated with a Device Model on the Central Products List (CPL) originates from the person who created the Image and is endorsed by a Supplier. At present, the nature of the signatures used by manufacturers do not enable cryptographic authentication that the communication originates from a specific manufacturer beyond reasonable doubt. Neither a Supplier nor the Panel can therefore suitably verify the authenticity of the communication and therefore fully meet the SEC obligation.
What is the solution?
The DCC shall publish the Infrastructure Key Infrastructure (IKI) Certificate Revocation List (CRL) on-line for a range of uses that require authentication of IKI. In addition, the SEC legal drafting shall be updated to reflect that any organisation that needs to authenticate IKI Certificates is given access to and is required to check the CRL when receiving requests authenticated with an IKI token.
Who is impacted?
Large Suppliers
Small Suppliers
DCC
Other SEC Parties (Device Manufacturers)
What SEC documents are affected?
Section A ‘Definitions and Interpretations
Section L ‘SMKI and DCC Key Infrastructure’
Appendix D ‘SMKI Registration Authority Policies and Procedures’
Appendix Q ‘IKI Certificate Policy’
This is the April 2024 SEC Modifications Working Group meeting, where we will be discussing: MP085B ‘Synchronisation of Smart Meter voltage measurement periods (meters currently installed)’ MP244 ‘Device Alerts
This is the April 2024 SEC Issues Group meeting, where we discussed: PPM continuity plan Please see the meeting summary here: SEC Issues Group Meeting Summary - April 2024 (CLEAR)
This is the May 2024 SEC Modifications Working Group meeting, where we will be discussing: MP235 'Enhanced Meter Data Access for Other Users' Please see the meeting documentation here:
By subscribing you consent to receiving the SECAS newsletter.
Manage Cookie Consent
This website uses cookies. Please choose which categories of cookies you would like to enable.
Functional cookies
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.