Feature #2376
closed
CommandInterestValidator
100%
Description
Command interest validation requires both signature verification and timestamp checking.
There are several potential ways to handle signature verification (e.g., ValidatorRegex and ValidatorConfig), while there are also several potential ways to handle timestamp checking (e.g., send-and-stop, session-based control). A desired abstraction would be to separate the two functionalities apart.
This feature implements a validator that checks the timestamp of a stop-and-wait CommandInterest, while delegating signature verification to another inner validator.
Updated by Alex Afanasyev almost 10 years ago
- Related to Feature #2065: ValidatorRegex: verify signed Interest added
Updated by Yingdi Yu over 9 years ago
- Subject changed from Make signed interest validation a common procedure of all Validator implementations to Separate timestamp checking from Validator
- Description updated (diff)
- Assignee set to Michael Sweatt
Updated by Junxiao Shi over 9 years ago
There is no command Interest concept. The protocol is called SignedInterest, unless you revise it.
Updated by Junxiao Shi over 9 years ago
From Yingdi:
I think we have resolved this name issue long time ago. The conclusion is that signed interest only contains signatureInfo and signatureType, command interest is a signed interest, but with two more components: timestamp and nonce.
Update protocol spec to reflect this change.
Updated by Yingdi Yu over 9 years ago
- Status changed from New to Code review
- % Done changed from 0 to 90
Updated by Junxiao Shi over 9 years ago
Yingdi updated specs on May 25: SignedInterest, CommandInterest.
Updated by Junxiao Shi over 9 years ago
commit:9daa09792ce702fe3d6e4b8b90a768297f87e228 weakens the security guarantees provided by ValidatorConfig::checkPolicy without changing the API.
This change doesn't break compilation of dependent projects, and can cause a false illusion of security.
My suggestion is to move this change to a feature branch, along with at least one other change that will break validator API such as #1872.
When the feature branch is merged back to master, the breaking API change would be sufficient to warn developers about the weakened security guarantees and prompt them to use CommandInterestValidator.
Updated by Junxiao Shi over 9 years ago
At 20150610 conference call Alex agrees that either a feature branch should be utilized, or it should be ensured that this Change is merged together with at least one other Change that breaks API.
Updated by Junxiao Shi over 9 years ago
- Blocks Bug #2063: CommandValidator uses deprecated CommandInterestValidator added
Updated by Junxiao Shi about 9 years ago
- Status changed from Code review to Feedback
- Start date deleted (
01/13/2015)
This shouldn't be in CodeReview until note-8 is fulfilled.
Updated by Junxiao Shi over 8 years ago
- Tracker changed from Task to Feature
- Subject changed from Separate timestamp checking from Validator to CommandInterestValidator
- Description updated (diff)
- Status changed from Feedback to In Progress
- Assignee changed from Michael Sweatt to Junxiao Shi
- Target version set to v0.5
- % Done changed from 90 to 40
- Estimated time set to 6.00 h
I'm restarting this issue as needed in #2063-12.
http://redmine.named-data.net/issues/2376 patchset1 has the API and partial implementation.
I'll add test case in the next patchset.
Updated by Junxiao Shi over 8 years ago
- % Done changed from 40 to 70
https://gerrit.named-data.net/2962 patchset2 has the test cases for accepting condition and all rejecting conditions.
I still need to implement capacity limits and the corresponding test cases.
I also notice that makeInterest and similar functions are in ndn::util namespace.
https://gerrit.named-data.net/3002 moves them to ndn::tests namespace.
Updated by Junxiao Shi over 8 years ago
- Status changed from In Progress to Code review
- % Done changed from 70 to 100
https://gerrit.named-data.net/2962 patchset4 implements capacity limits.
Updated by Junxiao Shi over 8 years ago
- Status changed from Code review to Closed
Updated by Junxiao Shi over 8 years ago
- Related to Bug #3698: Compilation error on Ubuntu 14.04 with clang compiler added