Project

General

Profile

Actions

Feature #2641

closed

KeyChain: SHA256-signing with custom KeyLocator

Added by Ilya Moiseenko about 9 years ago. Updated almost 9 years ago.

Status:
Rejected
Priority:
Normal
Category:
Security
Target version:
-
Start date:
03/13/2015
Due date:
% Done:

0%

Estimated time:

Description

Need an overloading of KeyChain::signWithSha256(Data& data) function as KeyChain::signWithSha256(Data& data, const KeyLocator& keyLocator)

This functionality is used in manifest embedding.

Actions #1

Updated by Junxiao Shi about 9 years ago

  • Tracker changed from Task to Feature
  • Subject changed from KeyChain to sign packet with SHA256 with custom KeyLocator to KeyChain: SHA256-signing with custom KeyLocator

I disagree with this feature because it violates NDN-TLV:

If KeyLocator is present in SignatureInfo, it MUST be ignored.

If manifest embedded needs a KeyLocator, please define the format and semantics of this KeyLocator, and propose a change to NDN-TLV.

Actions #2

Updated by Ilya Moiseenko about 9 years ago

I talked to Yingdi about this some time ago and he agreed with me.

Actions #3

Updated by Junxiao Shi about 9 years ago

After the format and semantics of this KeyLocator is defined, I will agree with this feature.

Actions #4

Updated by Yingdi Yu about 9 years ago

I forgot the reason, what do you plan to put it into KeyLocator?

Actions #5

Updated by Ilya Moiseenko about 9 years ago

KeyLocator of the Data packet points to the corresponding Manifest for verification purposes.

Actions #6

Updated by Yingdi Yu about 9 years ago

I do not think we should use the digestSha256 for this purpose. Instead we should define an other signature type, because the security model is different.

Actions #7

Updated by Ilya Moiseenko about 9 years ago

I initially wanted to have a "KeyLocator only" signature type, but you said that it is not good.

Actions #8

Updated by Junxiao Shi about 9 years ago

KeyLocator of the Data packet points to the corresponding Manifest for verification purposes.

This seems correct. But please post the exact TLV structure, and reserve relevant TLV-TYPE codes if necessary.

Actions #9

Updated by Junxiao Shi almost 9 years ago

  • Status changed from New to Rejected

This Feature is rejected because its basis, KeyChain::signWithSha256, is deprecated in #2871.

If @Ilya still wants this Feature, please reopen the issue with an updated design.

Actions #10

Updated by Alex Afanasyev almost 9 years ago

The function described in this feature can be implemented using the generalized KeyChain::sign(packet, SigningInfo) method, with customized SignatureInfo block supplied as part of SigningInfo (not yet complete).

Actions

Also available in: Atom PDF