Bug #2104

closed

ndncert subject name only allows printable_string

Added by Tai-Lin Chu over 9 years ago. Updated over 8 years ago.

Status: Abandoned
Priority: Normal
Assignee: -
Category: Security
Target version:
Start date: 10/31/2014
Due date:
% Done: 0%
Estimated time:
Description

Printable string is very limited. In particular %@ are not allowed according to the RFC, so all /ndn/guest/ certificates cannot be decoded properly.

The new patch is here: http://gerrit.named-data.net/#/c/1367/.


Related issues: 1 (0 open, 1 closed)

Blocked by ndn-cxx - Task #2122: Replace DER encoded certificate using NDN's own TLV encoding (Closed, 11/03/2014)

Actions #1

Updated by Tai-Lin Chu over 9 years ago

  • % Done changed from 0 to 100
Actions #2

Updated by Tai-Lin Chu over 9 years ago

  • Status changed from New to Closed
Actions #3

Updated by Alex Afanasyev over 9 years ago

  • Status changed from Closed to Code review
Actions #4

Updated by Yingdi Yu over 9 years ago

Given DER encoding will be replaced by NDN TLV encoding, I do not think we need to address this issue for now.

Actions #5

Updated by Tai-Lin Chu over 9 years ago

I think we should address it now because I cannot get my certificate signed.

DER encoding is actually TLV. Can you point out why we use this encoding in the first place?

Actions #6

Updated by Yingdi Yu over 9 years ago

If special characters are the only reason preventing you from generating a certificate, could you avoid using these characters? After all, no validation process is supposed to check this field for now.

The only reason we use DER is that we borrow a lot of stuff from X.509, and DER is used by X.509. It turns out that DER is not quite convenient on many platforms (because it requires a dependency on other endec libs), thus using NDN's own TLV would be a better choice.

Actions #7

Updated by Tai-Lin Chu over 9 years ago

X.509 is widely adopted. I don't think this change from DER to TLV matters in terms of dependency because a lot of security libraries already depend on ASN.1.

My go-ndn library can quickly adapt to this change.

Actions #8

Updated by Junxiao Shi over 9 years ago

  • Category set to Security
  • Target version set to v0.3
Actions #9

Updated by Junxiao Shi over 9 years ago

20141103 conference call decides:

  • Yingdi should create a Feature for the feature mentioned in note-4.
  • This Bug shall block on that Feature.
  • http://gerrit.named-data.net/1367 should be Abandoned, and this Bug should return to Status=New, Assignee=None.
Actions #10

Updated by Lixia Zhang over 9 years ago

I heard that Tai-Lin might be using his own code to create cert?
If that is the case, I would also suggest that Tai-Lin stop doing that.

Actions #11

Updated by Yingdi Yu over 9 years ago

  • Blocked by Task #2122: Replace DER encoded certificate using NDN's own TLV encoding added
Actions #12

Updated by Tai-Lin Chu over 9 years ago

This is not a hard problem for me because I can change my cert's subject.

However hardcoding "PRINTABLE_STRING" in ndn-cxx is wrong because there is no sanity check in the tool either.

At least we need to do one of the following:

  1. we add sanity check in the tool, and say that no weird char is allowed
  2. simply change the encoding to utf8
  3. change der to ndn tlv (I think this is a big deal unless we are going to have significant change in ndn)
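
Options 1 and 2 from the list above, sketched as an added example that is not part of this thread or of ndn-cxx: a PrintableString alphabet check, and a DER string encoder that falls back to UTF8String when the check fails. The function names are hypothetical, and the input is assumed to already be valid UTF-8.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// ASN.1 universal tags for the two string types discussed in this issue.
constexpr uint8_t TAG_UTF8_STRING = 0x0C;
constexpr uint8_t TAG_PRINTABLE_STRING = 0x13;

// Option 1 (sanity check): true only if every byte is in the PrintableString
// alphabet: A-Z a-z 0-9 space ' ( ) + , - . / : = ?
bool isPrintableString(const std::string& s)
{
  static const std::string punctuation = " '()+,-./:=?";
  for (unsigned char c : s) {
    bool alnum = c < 0x80 && std::isalnum(c);
    if (!alnum && punctuation.find(static_cast<char>(c)) == std::string::npos)
      return false;
  }
  return true;
}

// DER tag-length-value for a string: short-form length below 128 bytes,
// long form (0x80 | number of length bytes, then big-endian length) otherwise.
std::vector<uint8_t> encodeDerString(uint8_t tag, const std::string& s)
{
  std::vector<uint8_t> out{tag};
  if (s.size() < 0x80) {
    out.push_back(static_cast<uint8_t>(s.size()));
  } else {
    std::vector<uint8_t> lenBytes;
    for (std::size_t n = s.size(); n > 0; n >>= 8)
      lenBytes.insert(lenBytes.begin(), static_cast<uint8_t>(n & 0xFF));
    out.push_back(static_cast<uint8_t>(0x80 | lenBytes.size()));
    out.insert(out.end(), lenBytes.begin(), lenBytes.end());
  }
  out.insert(out.end(), s.begin(), s.end());
  return out;
}

// Option 2 (hypothetical helper): keep PrintableString where it fits and use
// UTF8String for values such as names containing '%' or '@'.
std::vector<uint8_t> encodeSubjectValue(const std::string& value)
{
  return encodeDerString(isPrintableString(value) ? TAG_PRINTABLE_STRING
                                                  : TAG_UTF8_STRING, value);
}
```

A decoder has to accept both tags for this to help, which is why a tool that only rejects such input (option 1) is the smaller change.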
Actions #13

Updated by Junxiao Shi over 9 years ago

  • Status changed from Code review to New
  • Assignee deleted (Tai-Lin Chu)
  • % Done changed from 100 to 0
Actions #14

Updated by Silja Peter about 9 years ago

Hi,
Convert non-printable chars in a string into their printable form using the following code:
var print = require('printable-string')
console.log(print("\x00 \t \v \u038b")) // -> \x00 \t \v \u038b
console.log(print("\x00 \t \v \u038b", {uppercase: true}))

Thanks

Actions #15

Updated by Alex Afanasyev over 8 years ago

  • Status changed from New to Abandoned

While the problem exists with the existing NDN certificate format, the upcoming NDN certificate format (http://named-data.net/doc/ndn-cxx/current/tutorials/certificate-format.html) will not have this problem.
