Project

General

Profile

Actions
Copy link

Feature #1483

closed

Enable directory type of trust-anchor in ValidatorConfig

Added by Yingdi Yu about 10 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Yingdi Yu
Category:
Security
Target version:
v0.2
Start date:
04/14/2014
Due date:
% Done:

100%

Estimated time:

Description

In some cases, it would be undesirable to add trust-anchor section for each trusted-certificate.
Therefore, it would be useful to specify a trust anchor directory and load trusted certificates from there.

trust-anchor
{
  type dir
  dir /usr/local/ndn/keys
  refresh 10s
}

The type property of such a trust-anchor should be dir.
It should also have a dir property whose value is an absolute path to the directory.
It may also have an optional property refresh to indicate how frequently the certificate should be refreshed (i.e., reloaded from the directory).
The refresh value must be a positive integer followed by a character as unit indicator such as (10s for 10 seconds)

Actions
Copy link
 #1

Updated by Alex Afanasyev about 10 years ago

There is a question here. Should validator look into this directory every time it does validation or is it a one-time task at the application start? Or should it be provided with a call to reload settings?

Actions
Copy link
 #2

Updated by Yingdi Yu about 10 years ago

I would like to leave the decision to users by providing a property refresh

trust-anchor
{
  type dir
  dir /usr/local/ndn/keys
  refresh 10
}

If the value of refresh is positive, then Validator will periodically reload trust anchors.
And the value is the time to wait (in seconds) for next reload.

If the value of refresh is negative, then Validator will load trust anchors only when it is created.

If the value of refresh is 0, then we need to set up some watcher on the directory to detect any changes... (I am not sure how to do this)

Actions
Copy link
 #3

Updated by Alex Afanasyev about 10 years ago

We did watcher implementation, but it requires (in order to be easily platform independent) QT :( I would not have it in the library at all.

I would say refresh should be either positive time unit (I prefer it to be like 1 hour, 20 seconds, etc. I think there is a method for that somewhere) to do periodic refresh. If 0, then no refresh and use needs to do something. (We just need to provide a method to do manual refresh.)

Actions
Copy link
 #4

Updated by Yingdi Yu about 10 years ago

  • Description updated (diff)

Agree. We can just make refresh optional. If it is not specified, then no periodical refreshing.

Actions
Copy link
 #5

Updated by Yingdi Yu almost 10 years ago

  • Status changed from New to Code review
Actions
Copy link
 #6

Updated by Yingdi Yu almost 10 years ago

  • Category set to Security
  • Target version set to v0.2
Actions
Copy link
 #7

Updated by Alex Afanasyev almost 10 years ago

  • Status changed from Code review to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF