Add trust list: The Hubject V2G PKI

[github-actions]

This PR adds the trust list "The Hubject V2G PKI" as requested in issue #31.

Website: https://www.hubject.com/download-pki
Policy: https://www.hubject.com/download-pki

Original description:

Hubject V2G PKI Overview

The Hubjecte V2G PKI (Vehicle-to-Grid Public Key Infrastructure) is a security framework designed to facilitate secure communication and authentication between electric vehicles (EVs), charging stations, and other entities within the e-mobility ecosystem. It is a critical component of the ISO 15118 standard, which governs Plug & Charge technology, allowing for seamless and secure EV charging without requiring physical payment methods or manual user authentication.

Key Components of the Hubject V2G PKI

1. Root Certificate Authority (Root CA)

• The trust anchor for the entire ecosystem.
• Issues certificates to intermediate CAs (Sub-CAs).

2. Subordinate Certificate Authority (Sub-CA)

• Issues certificates to participants such as charging stations, EV manufacturers, and mobility operators.
• Ensures that entities are authenticated and authorized to participate in Plug & Charge.

3. Provisioning Authority (PA)

• Manages the distribution of Contract Certificates to EV users.
• Ensures that only valid and verified vehicles and users can participate in Plug & Charge transactions.

4. Registration Authority (RA)

• Responsible for verifying the identity of entities before issuing certificates.
• Handles certificate lifecycle processes, including issuance, renewal, and revocation.

5. Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP)

• Supports real-time validation and revocation of certificates to maintain system security.

How the Hubject V2G PKI Works

1. Certificate Issuance

• Electric vehicle manufacturers and charging station operators obtain certificates from the Sub-CA.
• EV users receive Contract Certificates tied to their charging agreements, enabling Plug & Charge.

2. Authentication Process

• When an EV connects to a charging station, the station verifies the vehicle’s Contract Certificate against the Hubject V2G PKI.
• Mutual TLS (mTLS) is used to establish a secure communication channel.

3. Transaction Validation

• The charging station authenticates the EV’s certificate.
• The EV verifies the charging station’s certificate, ensuring both parties are trusted.

4. Payment and Billing

• Once the vehicle is authenticated, the system initiates and logs the charging session.
• Payment is processed automatically based on the linked Contract Certificate.

Security Features of Hubject V2G PKI

• Mutual Authentication: Both EVs and charging stations authenticate each other using X.509 certificates.
• Data Integrity: Digital signatures protect communication from tampering.
• Confidentiality: All communication is encrypted to prevent eavesdropping.
• Certificate Lifecycle Management: Ensures timely renewal and revocation of certificates to maintain trust.

Key Standards and Compliance

• ISO 15118-2 and ISO 15118-20: Defines Plug & Charge communication protocols.
• ETSI and eIDAS: Ensures compliance with European security regulations.
• WebTrust for CAs: Establishes best practices for PKI operations.

Closes #31