Project

General

Profile

Actions
Copy link

Feature #1977

closed

PIB service: allow users to configure PIB to use sha256 digest as signature

Added by Yingdi Yu about 11 years ago. Updated over 6 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Start date:
09/10/2014
Due date:
% Done:

0%

Estimated time:

Description

Generally speaking, PIB should sign its reply using a strong signature. However, some platforms (such as RaspberryPI) have constrained power and apps on the system may assume that NFD can be trusted to provide the data returned by PIB if NFD honestly performs prefix registration authentication and reject unsolicited data packet. In this case, it would be helpful to ask PIB to use sha256 digest as signature to reduce the overhead of signing.

An example of the proposed new configuration file should look like this:

pib-dir /usr/local/etc/ndn/pib              ; path to the db file
security 
{
  status on                                 ; strong sig is used when status is on, sha256 is used when status is off.
  tpm-dir /usr/local/var/ndn/pib/tpm        ; path to the tpm
  pib-root /usr/local/etc/ndn/pib/root.cert ; path to the pib root cert (trust anchor of pib service)
}
Actions
Copy link
 #1

Updated by Junxiao Shi about 11 years ago

security.status configuration option is unnecessary.

With #1705, we can instruct PIB service (or any other application) to use DigestSha256 by setting a special identity.

Actions
Copy link
 #2

Updated by Junxiao Shi over 8 years ago

  • Tracker changed from Task to Feature
  • Project changed from ndn-cxx to ndn-tools
  • Category deleted (Security)
Actions
Copy link
 #3

Updated by Junxiao Shi over 6 years ago

  • Status changed from New to Rejected

see #4205-3

Actions
Copy link

Also available in: Atom PDF