{
  "comments": [
    {
      "unresolved": true,
      "key": {
        "uuid": "f00a2814_36ab91c0",
        "filename": "docs/put_key-tutorial.rst",
        "patchSetId": 2
      },
      "lineNbr": 80,
      "author": {
        "id": 1000028
      },
      "writtenOn": "2026-03-17T12:06:38Z",
      "side": 1,
      "message": "We need to check back if this really works. Does the isdp_aid really point to the ISD we set up in the securityDomain PE?\n\nIn the experiments I have done so far, the select to the ISD-P by the isdp_aid is successful. When I try get_data key_information I get an empty list back. I always thought that was due to the fact that I had no secure channel yet. But apparently the key_information does not require a secure channel.\n\nWhen I look at the profile package. I see that the securityDomain PE specifies an \u0027instanceAID\u0027 field. When I select the AID in that field everything starts to look normal and I can even establish the SCP03 secure channel.\n\nThis is a bit confusing. I thought the securityDomain PE and the ISD-P were the same thing. I think this is something we should clarify and write down in this tutorial.",
      "revId": "177a45d2ae3c8df71a744fc145ed442fa53914a5",
      "serverId": "035e6965-6537-41bd-912c-053f3cf69326"
    },
    {
      "unresolved": false,
      "key": {
        "uuid": "4cf5210a_e1df87dc",
        "filename": "docs/put_key-tutorial.rst",
        "patchSetId": 2
      },
      "lineNbr": 80,
      "author": {
        "id": 1000028
      },
      "writtenOn": "2026-03-19T16:33:15Z",
      "side": 1,
      "message": "I have now reworked this. When I get https://euicc-manual.osmocom.org/docs/lpa/applet-id/ correctly then the purpose of the ISD-P is to be some kind of secure container of the profile. When it also is the \"on-card representative of the SM-DP+\", then the eSIM profile owner (MNO) probably has no influence here at all. This also may explain why it has no keys provisioned. As far as I understand now the ISD-P is not interesting at all in the scope of this tutorial. What we are interested in is the securityDomain that is specified in the eSIM profile.",
      "parentUuid": "f00a2814_36ab91c0",
      "revId": "177a45d2ae3c8df71a744fc145ed442fa53914a5",
      "serverId": "035e6965-6537-41bd-912c-053f3cf69326"
    },
    {
      "unresolved": true,
      "key": {
        "uuid": "d02dc6e7_d739cea5",
        "filename": "docs/put_key-tutorial.rst",
        "patchSetId": 2
      },
      "lineNbr": 405,
      "author": {
        "id": 1000028
      },
      "writtenOn": "2026-03-13T17:20:51Z",
      "side": 1,
      "message": "I am not sure with this range. I found it in the following patch: \nhttps://cgit.osmocom.org/pysim/commit/?h\u003dneels/wip\u0026id\u003d52e84a0badd49518f1f5bfeffdef00d637a9eb33\n\nHowever, when I try to provision a SCP81 key in this range, the card does not accept the key.",
      "revId": "177a45d2ae3c8df71a744fc145ed442fa53914a5",
      "serverId": "035e6965-6537-41bd-912c-053f3cf69326"
    },
    {
      "unresolved": false,
      "key": {
        "uuid": "b26a03d3_2f32e64e",
        "filename": "docs/put_key-tutorial.rst",
        "patchSetId": 2
      },
      "lineNbr": 405,
      "author": {
        "id": 1000028
      },
      "writtenOn": "2026-03-19T16:50:40Z",
      "side": 1,
      "message": "I finally found a reference for the KVN range used with SCP81 and it even aligns with my practical observations.",
      "parentUuid": "d02dc6e7_d739cea5",
      "revId": "177a45d2ae3c8df71a744fc145ed442fa53914a5",
      "serverId": "035e6965-6537-41bd-912c-053f3cf69326"
    },
    {
      "unresolved": true,
      "key": {
        "uuid": "e399c246_e2140b13",
        "filename": "docs/put_key-tutorial.rst",
        "patchSetId": 2
      },
      "lineNbr": 462,
      "author": {
        "id": 1000028
      },
      "writtenOn": "2026-03-13T17:20:51Z",
      "side": 1,
      "message": "I am not sure with the purpose of those two keys. Its just an educated guess: We have the PSK for TLS and a DEK key in case we want to do key updates.",
      "revId": "177a45d2ae3c8df71a744fc145ed442fa53914a5",
      "serverId": "035e6965-6537-41bd-912c-053f3cf69326"
    },
    {
      "unresolved": false,
      "key": {
        "uuid": "3eab4fe4_cf6a6d15",
        "filename": "docs/put_key-tutorial.rst",
        "patchSetId": 2
      },
      "lineNbr": 462,
      "author": {
        "id": 1000028
      },
      "writtenOn": "2026-03-19T16:33:15Z",
      "side": 1,
      "message": "I have checked this back. Remote Application Management over HTTP – Public Release v1.1.2, section 3.3.2 clearly says that the second key is a DEK key. So this is correct.",
      "parentUuid": "e399c246_e2140b13",
      "revId": "177a45d2ae3c8df71a744fc145ed442fa53914a5",
      "serverId": "035e6965-6537-41bd-912c-053f3cf69326"
    },
    {
      "unresolved": true,
      "key": {
        "uuid": "ebb60afd_8df5f58f",
        "filename": "docs/put_key-tutorial.rst",
        "patchSetId": 2
      },
      "lineNbr": 808,
      "author": {
        "id": 1000028
      },
      "writtenOn": "2026-03-13T17:20:51Z",
      "side": 1,
      "message": "I also tried to provision the key within the permitted range from the table above but it didn\u0027t work.",
      "revId": "177a45d2ae3c8df71a744fc145ed442fa53914a5",
      "serverId": "035e6965-6537-41bd-912c-053f3cf69326"
    },
    {
      "unresolved": false,
      "key": {
        "uuid": "0fd3061e_302f0487",
        "filename": "docs/put_key-tutorial.rst",
        "patchSetId": 2
      },
      "lineNbr": 808,
      "author": {
        "id": 1000028
      },
      "writtenOn": "2026-03-19T16:50:40Z",
      "side": 1,
      "message": "Done",
      "parentUuid": "ebb60afd_8df5f58f",
      "revId": "177a45d2ae3c8df71a744fc145ed442fa53914a5",
      "serverId": "035e6965-6537-41bd-912c-053f3cf69326"
    }
  ]
}