ndncert subject name only allows printable_string
printable string is very limited. In particular %@ are not allowed according to RFC, so all /ndn/guest/ certificate cannot be decoded properly.
The new patch is here: http://gerrit.named-data.net/#/c/1367/.
Updated by Yingdi Yu over 5 years ago
If only special characters are the only reason for preventing your from generating a certificate, could you avoid using these characters? After all, no validation process is supposed to check this field for now.
The only reason we use DER is because, we borrow a lot stuff from X.509, and DER is used by X.509, and it turns out that DER is not quite convenient on many platforms (because it requires dependency on other endec libs), thus using NDN's own TLV would be a better choice.
Updated by Tai-Lin Chu over 5 years ago
This is not a hard problem for me because I can change my cert's subject.
However hardcoding "PRINTABLE_STRING" in ndn-cxx is wrong because there is no sanity check in the tool either.
at least we need to do one of the following
- we add sanity check in the tool, and say that no weird char is allowed
- simply change the encoding to utf8
- change der to ndn tlv (I think this is a big deal unless we are going to have significant change in ndn)
Updated by Alex Afanasyev over 4 years ago
- Status changed from New to Abandoned
While the problem exists with the existing NDN certificate format, the upcoming NDN certificate format (http://named-data.net/doc/ndn-cxx/current/tutorials/certificate-format.html) will not have this problem.