Project

General

Profile

Actions

Task #2173

closed

Explain CertificateCache vs SecPublicInfo in Validator classes

Added by Adeola Bannis over 9 years ago. Updated almost 9 years ago.

Status:
Abandoned
Priority:
Normal
Assignee:
Category:
Docs
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

As part of adding signer validation to ndn-cpp, we are trying to follow ndn-cxx's Validator class. However, we have noticed that instead of using SecPublicInfo for certificate lookup and storage, the Validator classes use CertificateCache.

The CertificateCache uses the certificate name minus timestamp as a key when fetching/storing certificates, which allows matching with certificate names in KeyLocator fields in a Data packet. Is this the only reason for using a CertificateCache? Is there currently a mechanism for certificates in the CertificateCache to be added to SecPublicInfo, or do we need to keep these certificates separate?

Is there any documentation that indicates that the certificate store of the Validator classes is distinct from the SecPublicInfo used by the KeyChain, and why? Also, is there any documentation on the lifetime of the downloaded certificates?

Actions

Also available in: Atom PDF