Project

General

Profile

Actions
Copy link

Feature #1529

closed

PIB service

Added by Yingdi Yu almost 10 years ago. Updated over 8 years ago.

Status:
Abandoned
Priority:
Normal
Assignee:
Yingdi Yu
Category:
Security
Target version:
v0.4
Start date:
Due date:
% Done:

100%

Estimated time:

Description

SecPublicInfo is a database containing public information of keys (such as identity, public key, and certificates).
When an application needs to sign a data (or interest), SecPublicInfo provides the information that can help the application to select the appropriate signing key and the corresponding certificate of the signing key.

For now, SecPublicInfo is implemented as a file-based database with sqlite3 interfaces.
Such an implementation may have following issues:

  • Language Dependency: the public information should be platform-independent, i.e., applications and libraries developed in different languages should be able to get the public information.
  • Flexibility: If people want to develop a new library that will use the public information, they should follow a standard protocol or interface, instead of a detailed implementation.
  • Access Control: all the public information is stored in a file. Anyone who has the access to the file can change the public information, so that application may sign data based on wrong information.
  • Multi-User Support: The file containing the database is a file under a user's home directory, so that each user has its own public information database which is not shared with other users. However, for system-level applications (such as nrd and nfd), they may need users' public information. For users, public information of system level application would also be useful.

Therefore, it would be better to make SecPublicInfo as a service which provides an lookup interface and also serves as a guard of the public information.
Here is a rough idea about this service (detailed protocol design will be posted on wiki page):

  • The service is still implemented as an NDN application and runs as a daemon.
  • Read operations (lookups) will be implemented as normal interests.
  • Write operation (adding/deleting/modifying) will be implemented as command interests (to enable access control)
  • The service will also publish certificates in the database.

Design doc is available at http://redmine.named-data.net/projects/ndn-cxx/wiki/PublicKey_Info_Base

Related issues 4 (0 open4 closed)

Related to ndn-tools - Feature #3018: PIB serviceClosedYingdi Yu

Actions
Blocks NFD - Feature #2181: Disallow unsolicited Data from local appsClosedJunxiao Shi

Actions
Blocked by ndn-cxx - Feature #2279: Signal: allow only owner to emit eventsClosedJunxiao Shi

Actions
Blocks ndn-cxx - Feature #1794: Make KeyChain use PIB ServiceRejected

Actions
Actions
Copy link

Also available in: Atom PDF