Project

General

Profile

Actions

Bug #2104

closed

ndncert subject name only allows printable_string

Added by Tai-Lin Chu about 10 years ago. Updated almost 9 years ago.

Status:
Abandoned
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
10/31/2014
Due date:
% Done:

0%

Estimated time:

Description

printable string is very limited. In particular %@ are not allowed according to RFC, so all /ndn/guest/ certificate cannot be decoded properly.

The new patch is here: http://gerrit.named-data.net/#/c/1367/.


Related issues 1 (0 open1 closed)

Blocked by ndn-cxx - Task #2122: Replace DER encoded certificate using NDN's own TLV encodingClosed11/03/2014

Actions
Actions #1

Updated by Tai-Lin Chu about 10 years ago

  • % Done changed from 0 to 100
Actions #2

Updated by Tai-Lin Chu about 10 years ago

  • Status changed from New to Closed
Actions #3

Updated by Alex Afanasyev about 10 years ago

  • Status changed from Closed to Code review
Actions #4

Updated by Yingdi Yu about 10 years ago

Given DER encoding will be replaced by NDN TLV encoding, I do not think we need to address this issue for now.

Actions #5

Updated by Tai-Lin Chu about 10 years ago

I think we should address it now because I cannot get my certificate signed..

der encoding is actually tlv. Can you point out why we use this encoding in the first place?

Actions #6

Updated by Yingdi Yu about 10 years ago

If only special characters are the only reason for preventing your from generating a certificate, could you avoid using these characters? After all, no validation process is supposed to check this field for now.

The only reason we use DER is because, we borrow a lot stuff from X.509, and DER is used by X.509, and it turns out that DER is not quite convenient on many platforms (because it requires dependency on other endec libs), thus using NDN's own TLV would be a better choice.

Actions #7

Updated by Tai-Lin Chu about 10 years ago

x509 is widely adopted. I don't think this change from der to tlv matters in term of dependency because a lot of security libraries already depends on asn1.

my go-ndn library can quickly adapt this change.

Actions #8

Updated by Junxiao Shi about 10 years ago

  • Category set to Security
  • Target version set to v0.3
Actions #9

Updated by Junxiao Shi about 10 years ago

20141103 conference call decides:

  • Yingdi should create a Feature for the feature mentioned in note-4.
  • This Bug shall block on that Feature.
  • http://gerrit.named-data.net/1367 should be Abandoned, and this Bug should return to Status=New, Assignee=None.
Actions #10

Updated by Lixia Zhang about 10 years ago

I heard that Tai-Lin might be using his own code to create cert?
If that is the case, I would also suggest that Tai-Lin stop doing that.

Actions #11

Updated by Yingdi Yu about 10 years ago

  • Blocked by Task #2122: Replace DER encoded certificate using NDN's own TLV encoding added
Actions #12

Updated by Tai-Lin Chu about 10 years ago

This is not a hard problem for me because I can change my cert's subject.

However hardcoding "PRINTABLE_STRING" in ndn-cxx is wrong because there is no sanity check in the tool either.

at least we need to do one of the following

  1. we add sanity check in the tool, and say that no weird char is allowed
  2. simply change the encoding to utf8
  3. change der to ndn tlv (I think this is a big deal unless we are going to have significant change in ndn)
Actions #13

Updated by Junxiao Shi almost 10 years ago

  • Status changed from Code review to New
  • Assignee deleted (Tai-Lin Chu)
  • % Done changed from 100 to 0
Actions #14

Updated by Silja Peter over 9 years ago

Hi,
Convert non-printable chars in string into their printable form using following code
var print = require(printable-string)
console.log print("\x00 \t \v \u038b") // -> \x00 \t \v \u038b
console.log print("\x00 \t \v \u038b", {uppercase: true})

Thanks

Actions #15

Updated by Alex Afanasyev almost 9 years ago

  • Status changed from New to Abandoned

While the problem exists with the existing NDN certificate format, the upcoming NDN certificate format (http://named-data.net/doc/ndn-cxx/current/tutorials/certificate-format.html) will not have this problem.

Actions

Also available in: Atom PDF