Feature #2641

KeyChain: SHA256-signing with custom KeyLocator

Added by Ilya Moiseenko almost 6 years ago. Updated over 5 years ago.

Status: Rejected
Priority: Normal
Category: Security
Target version: -
Start date: 03/13/2015
Due date:
% Done: 0%
Estimated time:

Description

Need an overloading of KeyChain::signWithSha256(Data& data) function as KeyChain::signWithSha256(Data& data, const KeyLocator& keyLocator)

This functionality is used in manifest embedding.

#1

Updated by Junxiao Shi almost 6 years ago

  • Tracker changed from Task to Feature
  • Subject changed from "KeyChain to sign packet with SHA256 with custom KeyLocator" to "KeyChain: SHA256-signing with custom KeyLocator"

I disagree with this feature because it violates NDN-TLV:

If KeyLocator is present in SignatureInfo, it MUST be ignored.

If manifest embedded needs a KeyLocator, please define the format and semantics of this KeyLocator, and propose a change to NDN-TLV.

#2

Updated by Ilya Moiseenko almost 6 years ago

I talked to Yingdi about this some time ago and he agreed with me.

#3

Updated by Junxiao Shi almost 6 years ago

After the format and semantics of this KeyLocator are defined, I will agree with this feature.

#4

Updated by Yingdi Yu almost 6 years ago

I forgot the reason. What do you plan to put into KeyLocator?

#5

Updated by Ilya Moiseenko almost 6 years ago

KeyLocator of the Data packet points to the corresponding Manifest for verification purposes.

#6

Updated by Yingdi Yu almost 6 years ago

I do not think we should use the digestSha256 for this purpose. Instead we should define another signature type, because the security model is different.

#7

Updated by Ilya Moiseenko almost 6 years ago

I initially wanted to have a "KeyLocator only" signature type, but you said that it is not good.

#8

Updated by Junxiao Shi almost 6 years ago

> KeyLocator of the Data packet points to the corresponding Manifest for verification purposes.

This seems correct. But please post the exact TLV structure, and reserve relevant TLV-TYPE codes if necessary.

#9

Updated by Junxiao Shi over 5 years ago

  • Status changed from New to Rejected

This Feature is rejected because its basis, KeyChain::signWithSha256, is deprecated in #2871.

If @Ilya still wants this Feature, please reopen the issue with an updated design.

#10

Updated by Alex Afanasyev over 5 years ago

The function described in this feature can be implemented using the generalized KeyChain::sign(packet, SigningInfo) method, with customized SignatureInfo block supplied as part of SigningInfo (not yet complete).
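Added example (not code from this thread or from ndn-cxx): a small Python verifier for DigestSha256-signed Data packets, showing what the NDN-TLV rule quoted in comment #1 means for a KeyLocator placed in SignatureInfo. The TLV-TYPE numbers follow the NDN packet format specification; `make_data`, the name component `seg0` and the manifest components are constructed for illustration.

```python
import hashlib

# TLV-TYPE numbers from the NDN packet format specification.
DATA, NAME, COMPONENT, CONTENT = 0x06, 0x07, 0x08, 0x15
SIG_INFO, SIG_VALUE, SIG_TYPE, KEY_LOCATOR = 0x16, 0x17, 0x1B, 0x1C
DIGEST_SHA256 = 0  # SignatureType value for DigestSha256

def tlv(t, value):
    # Encoder for the constructed samples only: one-octet type and length.
    assert t < 253 and len(value) < 253
    return bytes([t, len(value)]) + value

def read_var(buf, pos):
    # Decode one VAR-NUMBER (1, 3, 5 or 9 octets); return (value, next_pos).
    width = {253: 2, 254: 4, 255: 8}.get(buf[pos], 0) if pos < len(buf) else 0
    end = pos + 1 + width
    if end > len(buf):
        raise ValueError("truncated TLV header")
    return (int.from_bytes(buf[pos + 1:end], "big") if width else buf[pos]), end

def elements(buf):
    # Yield (type, value, end_offset) for each TLV element in buf.
    pos = 0
    while pos < len(buf):
        t, pos = read_var(buf, pos)
        n, pos = read_var(buf, pos)
        if pos + n > len(buf):
            raise ValueError("truncated TLV value")
        yield t, buf[pos:pos + n], pos + n
        pos += n

def verify_digest_sha256(packet):
    # Return (digest_ok, key_locator_present); the KeyLocator is never consulted.
    [(outer, body, _)] = list(elements(packet))
    fields = {t: (value, end) for t, value, end in elements(body)}
    if outer != DATA or SIG_INFO not in fields or SIG_VALUE not in fields:
        raise ValueError("not a signed Data packet")
    info = {t: value for t, value, _ in elements(fields[SIG_INFO][0])}
    if int.from_bytes(info.get(SIG_TYPE, b"\xff"), "big") != DIGEST_SHA256:
        raise ValueError("SignatureType is not DigestSha256")
    # Signed portion: everything from Name through the end of SignatureInfo.
    digest = hashlib.sha256(body[:fields[SIG_INFO][1]]).digest()
    return digest == fields[SIG_VALUE][0], KEY_LOCATOR in info

def make_data(content, key_locator=None):
    # Constructed sample packet; key_locator is a hypothetical manifest name component.
    info = tlv(SIG_TYPE, b"\x00") + (tlv(KEY_LOCATOR, tlv(NAME, tlv(COMPONENT, key_locator))) if key_locator else b"")
    signed = tlv(NAME, tlv(COMPONENT, b"seg0")) + tlv(CONTENT, content) + tlv(SIG_INFO, info)
    return tlv(DATA, signed + tlv(SIG_VALUE, hashlib.sha256(signed).digest()))
```

Packets built with different KeyLocator values all verify, because the digest is unkeyed: the field is covered by the hash, but the check establishes integrity only and says nothing about which manifest the packet belongs to.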
