SecPublicInfo is a database containing public information of keys (such as identity, public key, and certificates).
When an application needs to sign a data (or interest),
SecPublicInfo provides the information that can help the application to select the appropriate signing key and the corresponding certificate of the signing key.
SecPublicInfo is implemented as a file-based database with sqlite3 interfaces.
Such an implementation may have the following issues:
- Language Dependency: the public information should be platform-independent, i.e., applications and libraries developed in different languages should be able to get the public information.
- Flexibility: If people want to develop a new library that will use the public information, they should follow a standard protocol or interface, instead of a detailed implementation.
- Access Control: all the public information is stored in a file. Anyone who has access to the file can change the public information, so that an application may sign data based on wrong information.
- Multi-User Support: The file containing the database is a file under a user's home directory, so that each user has their own public information database which is not shared with other users. However, system-level applications (such as nrd and nfd) may need users' public information. For users, public information of system-level applications would also be useful.
Therefore, it would be better to make SecPublicInfo a service which provides a lookup interface and also serves as a guard of the public information.
Here is a rough idea about this service (detailed protocol design will be posted on wiki page):
- The service is still implemented as an NDN application and runs as a daemon.
- Read operations (lookups) will be implemented as normal interests.
- Write operations (adding/deleting/modifying) will be implemented as command interests (to enable access control).
- The service will also publish certificates in the database.
Design doc is available at http://redmine.named-data.net/projects/ndn-cxx/wiki/PublicKey_Info_Base
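A minimal model of the read/write split proposed above, added here as an illustration and not taken from ndn-cxx or the PIB design doc: lookups are answered without credentials, while writes must carry a valid signature from an authorized key. HMAC-SHA256 stands in for command-interest signatures, the timestamp replay check is an assumption of this sketch, and all class, method and key names are hypothetical.

```python
import hashlib
import hmac

class PibService:
    """Toy model: open reads, authenticated writes (hypothetical names)."""

    def __init__(self, authorized_keys):
        self._keys = dict(authorized_keys)  # key id -> shared secret (stand-in for a real key)
        self._last_ts = {}                  # key id -> last accepted timestamp
        self._certs = {}                    # identity -> certificate bytes

    @staticmethod
    def sign(secret, verb, identity, cert, ts):
        # Length-prefix every field so field boundaries cannot be shifted.
        fields = (verb.encode(), identity.encode(), cert, str(ts).encode())
        msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
        return hmac.new(secret, msg, hashlib.sha256).digest()

    def lookup(self, identity):
        # Read path: plain lookup, no credentials required.
        return self._certs.get(identity)

    def command(self, key_id, verb, identity, cert, ts, sig):
        # Write path: reject unknown verbs, unknown signers, bad signatures, replays.
        secret = self._keys.get(key_id)
        if secret is None or verb not in ("add", "delete"):
            return False
        expected = self.sign(secret, verb, identity, cert, ts)
        if not hmac.compare_digest(expected, sig):
            return False
        if ts <= self._last_ts.get(key_id, -1):
            return False
        self._last_ts[key_id] = ts
        if verb == "add":
            self._certs[identity] = cert
        else:
            self._certs.pop(identity, None)
        return True

def demo():
    secret = b"constructed-demo-secret"   # constructed sample values
    cert = b"constructed-cert-bytes"
    pib = PibService({"alice-key": secret})
    sig = PibService.sign(secret, "add", "/ndn/alice", cert, 1)
    ok = pib.command("alice-key", "add", "/ndn/alice", cert, 1, sig)
    replay = pib.command("alice-key", "add", "/ndn/alice", cert, 1, sig)
    forged = pib.command("alice-key", "delete", "/ndn/alice", b"", 2, b"\0" * 32)
    return ok, replay, forged, pib.lookup("/ndn/alice")
```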
Updated by Junxiao Shi over 5 years ago
- Status changed from Code review to In Progress
Yingdi reveals at the 20150218 conference call that further progress of the PIB service is blocked by "the new EventEmitter" aka Signal, which was in fact completed two months ago.
Yingdi agrees to resume working on PIB service.
Since additional work is needed in this issue, Status is reverted to 'In Progress'.