Feature #2641
KeyChain: SHA256-signing with custom KeyLocator
0%
Description
Need an overloading of KeyChain::signWithSha256(Data& data) function as KeyChain::signWithSha256(Data& data, const KeyLocator& keyLocator)
This functionality is used in manifest embedding.
Updated by Junxiao Shi over 6 years ago
- Tracker changed from Task to Feature
- Subject changed from KeyChain to sign packet with SHA256 with custom KeyLocator to KeyChain: SHA256-signing with custom KeyLocator
I disagree with this feature because it violates NDN-TLV:
If KeyLocator is present in SignatureInfo, it MUST be ignored.
If manifest embedded needs a KeyLocator, please define the format and semantics of this KeyLocator, and propose a change to NDN-TLV.
Updated by Ilya Moiseenko over 6 years ago
I talked to Yingdi about this some time ago and he agreed with me.
Updated by Junxiao Shi over 6 years ago
After the format and semantics of this KeyLocator is defined, I will agree with this feature.
Updated by Yingdi Yu over 6 years ago
I forgot the reason, what do you plan to put it into KeyLocator?
Updated by Ilya Moiseenko over 6 years ago
KeyLocator of the Data packet points to the corresponding Manifest for verification purposes.
Updated by Yingdi Yu over 6 years ago
I do not think we should use the digestSha256 for this purpose. Instead we should define an other signature type, because the security model is different.
Updated by Ilya Moiseenko over 6 years ago
I initially wanted to have a "KeyLocator only" signature type, but you said that it is not good.
Updated by Junxiao Shi over 6 years ago
KeyLocator of the Data packet points to the corresponding Manifest for verification purposes.
This seems correct. But please post the exact TLV structure, and reserve relevant TLV-TYPE codes if necessary.
Updated by Junxiao Shi over 6 years ago
- Status changed from New to Rejected
This Feature is rejected because its basis, KeyChain::signWithSha256, is deprecated in #2871.
If @Ilya still wants this Feature, please reopen the issue with an updated design.
Updated by Alex Afanasyev over 6 years ago
The function described in this feature can be implemented using the generalized KeyChain::sign(packet, SigningInfo) method, with customized SignatureInfo block supplied as part of SigningInfo (not yet complete).