Task #2122
closed
Replace DER encoded certificate using NDN's own TLV encoding
Added by Yingdi Yu about 10 years ago.
Updated over 9 years ago.
Description
The DER encoding used by X.509 certificates imposes dependency requirements on ndn-cxx, because the current NDN certificate format is heavily based on the X.509 certificate.
Since DER is only a TLV encoding mechanism, and NDN's own TLV is another TLV encoding mechanism, encoding certificates using NDN's own TLV may remove the dependency on a DER encoding/decoding library.
Moreover, since changing the encoding/decoding mechanism would inevitably change the certificate content, it would be good to review the current certificate design and change it if necessary, so that we do not have to change the certificate spec twice.
- Blocks Bug #2104: ndncert subject name only allows printable_string added
- Blocked by Task #2123: Revisit NDN certificate design added
ECDSA signature uses ASN.1 encoding too.
The crypto library already uses ASN.1 encoding, so this only solves part of the dependency problem.
To truly get rid of DER encoding, you will have to implement how security saves private and public keys too.
First, signature bits, as well as public key bits, should be opaque to NDN packets and certificates, so which encoding mechanism is used really does not matter.
Second, it is really unnecessary to require an NDN developer to understand both NDN-TLV and DER encoding at the same time.
Third, we do not want to completely get rid of DER encoding; DER encoding is still necessary for crypto operations, but certificate processing per se is not a crypto operation.
- Related to Task #2861: Write certificate format 2.0 doc added
- Related to Feature #2868: ValidityPeriod abstraction for SignatureInfo added
- Related to Feature #3058: AdditionalDescription in SignatureInfo added
- Status changed from New to Closed
- % Done changed from 0 to 100
Yingdi reveals at the 20150727 conference call that this is completed with #2861.
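The description's point that DER and NDN-TLV are both just type-length-value framings can be seen by parsing the same payload in each. This is an added example, not code from ndn-cxx or from the issue; the function names, the sample type numbers and the 300-byte payload are constructed here, and the shortest-form check on NDN numbers follows the current NDN packet format specification.

```python
class TLVError(ValueError):
    """Raised for truncated or non-canonical input."""

def _take(buf, pos, n):
    # Bounds-checked slice: a declared length must never read past the buffer.
    if pos + n > len(buf):
        raise TLVError("truncated input")
    return buf[pos:pos + n], pos + n

def read_ndn_varnum(buf, pos):
    """NDN-TLV variable-length number: 1, 3, 5 or 9 octets."""
    first, pos = _take(buf, pos, 1)
    if first[0] < 253:
        return first[0], pos
    width = {253: 2, 254: 4, 255: 8}[first[0]]
    raw, pos = _take(buf, pos, width)
    value = int.from_bytes(raw, "big")
    # Reject non-shortest forms so each number has exactly one encoding.
    if value < {2: 253, 4: 1 << 16, 8: 1 << 32}[width]:
        raise TLVError("non-minimal NDN var-number")
    return value, pos

def parse_ndn_tlv(buf, pos=0):
    """Return (type, value, next_offset) for one NDN-TLV element."""
    tlv_type, pos = read_ndn_varnum(buf, pos)
    length, pos = read_ndn_varnum(buf, pos)
    value, pos = _take(buf, pos, length)
    return tlv_type, value, pos

def parse_der_tlv(buf, pos=0):
    """Return (tag, value, next_offset) for one DER element, single-octet tag only."""
    tag, pos = _take(buf, pos, 1)
    if tag[0] & 0x1F == 0x1F:
        raise TLVError("high-tag-number form not handled in this example")
    first, pos = _take(buf, pos, 1)
    length = first[0]
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0:
            raise TLVError("indefinite length is BER, not DER")
        raw, pos = _take(buf, pos, n)
        length = int.from_bytes(raw, "big")
        if raw[0] == 0 or length < 128:    # DER demands the shortest length form
            raise TLVError("non-minimal DER length")
    value, pos = _take(buf, pos, length)
    return tag[0], value, pos

# Constructed samples: the same opaque 300-byte payload framed both ways.
PAYLOAD = b"K" * 300
NDN_SAMPLE = bytes([0x15, 253]) + (300).to_bytes(2, "big") + PAYLOAD   # sample type 0x15
DER_SAMPLE = bytes([0x04, 0x82]) + (300).to_bytes(2, "big") + PAYLOAD  # OCTET STRING
```

Both parsers treat the payload as opaque bytes, so key or signature bits that are themselves DER-encoded can still be carried inside an NDN-TLV element unchanged.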