Task #2122

closed

Replace DER encoded certificate using NDN's own TLV encoding

Added by Yingdi Yu about 10 years ago. Updated over 9 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version: -
Start date: 11/03/2014
Due date:
% Done: 100%
Estimated time:

Description

DER encoding, which is used by X.509 certificates, imposes dependency requirements on ndn-cxx because the current NDN certificate format is heavily based on the X.509 certificate.
Since DER is only a TLV encoding mechanism, and NDN's own TLV is another TLV encoding mechanism, encoding certificates using NDN's own TLV may remove the dependency on a DER encoding/decoding library.

Moreover, since changing the encoding/decoding mechanism would inevitably change the certificate content, it would be good to review the current certificate design and change it if necessary so that we do not have to change the certificate spec twice.


Related issues 5 (0 open, 5 closed)

  • Related to ndn-cxx - Task #2861: Write certificate format 2.0 doc (Closed, Yingdi Yu, 06/08/2015)
  • Related to ndn-cxx - Feature #2868: ValidityPeriod abstraction for SignatureInfo (Closed, Alex Afanasyev, 06/09/2015)
  • Related to ndn-cxx - Feature #3058: AdditionalDescription in SignatureInfo (Closed, Yingdi Yu, 07/17/2015)
  • Blocks ndn-cxx - Bug #2104: ndncert subject name only allows printable_string (Abandoned, 10/31/2014)
  • Blocked by ndn-cxx - Task #2123: Revisit NDN certificate design (Closed, Yingdi Yu)
#1

Updated by Yingdi Yu about 10 years ago

  • Blocks Bug #2104: ndncert subject name only allows printable_string added

#2

Updated by Yingdi Yu about 10 years ago

  • Blocked by Task #2123: Revisit NDN certificate design added

#3

Updated by Yingdi Yu about 10 years ago

  • Category set to Security

#4

Updated by Tai-Lin Chu about 10 years ago

ECDSA signature uses ASN.1 encoding too.

The crypto library already uses ASN.1 encoding, so this only solves part of the dependency problem.

To truly get rid of DER encoding, you will have to implement how security saves private and public keys too.

#5

Updated by Yingdi Yu about 10 years ago

First, signature bits, as well as public key bits, should be opaque to NDN packets and certificates, so which encoding mechanism is used really does not matter.

Second, it is really unnecessary to require an NDN developer to understand both NDN-TLV and DER encoding at the same time.

Third, we do not want to completely get rid of DER encoding; DER encoding is still necessary for crypto operations, but certificate processing per se is not a crypto operation.

#6

Updated by Junxiao Shi over 9 years ago

  • Related to Task #2861: Write certificate format 2.0 doc added

#7

Updated by Yingdi Yu over 9 years ago

  • Related to Feature #2868: ValidityPeriod abstraction for SignatureInfo added

#8

Updated by Junxiao Shi over 9 years ago

  • Related to Feature #3058: AdditionalDescription in SignatureInfo added

#9

Updated by Junxiao Shi over 9 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Yingdi reveals at the 20150727 conference call that this is completed with #2861.