Feature #2641
KeyChain: SHA256-signing with custom KeyLocator
Description
Need an overload of the KeyChain::signWithSha256(Data& data) function as KeyChain::signWithSha256(Data& data, const KeyLocator& keyLocator).
This functionality is used in manifest embedding.
Updated by Junxiao Shi over 10 years ago
- Tracker changed from Task to Feature
- Subject changed from KeyChain to sign packet with SHA256 with custom KeyLocator to KeyChain: SHA256-signing with custom KeyLocator
I disagree with this feature because it violates NDN-TLV:
If KeyLocator is present in SignatureInfo, it MUST be ignored.
If manifest embedding needs a KeyLocator, please define the format and semantics of this KeyLocator, and propose a change to NDN-TLV.
Updated by Ilya Moiseenko over 10 years ago
I talked to Yingdi about this some time ago and he agreed with me.
Updated by Junxiao Shi over 10 years ago
After the format and semantics of this KeyLocator are defined, I will agree with this feature.
Updated by Yingdi Yu over 10 years ago
I forgot the reason. What do you plan to put into KeyLocator?
Updated by Ilya Moiseenko over 10 years ago
KeyLocator of the Data packet points to the corresponding Manifest for verification purposes.
Updated by Yingdi Yu over 10 years ago
I do not think we should use the digestSha256 for this purpose. Instead we should define another signature type, because the security model is different.
Updated by Ilya Moiseenko over 10 years ago
I initially wanted to have a "KeyLocator only" signature type, but you said that it is not good.
Updated by Junxiao Shi over 10 years ago
KeyLocator of the Data packet points to the corresponding Manifest for verification purposes.
This seems correct. But please post the exact TLV structure, and reserve relevant TLV-TYPE codes if necessary.
Updated by Junxiao Shi about 10 years ago
- Status changed from New to Rejected
This Feature is rejected because its basis, KeyChain::signWithSha256, is deprecated in #2871.
If @Ilya still wants this Feature, please reopen the issue with an updated design.
Updated by Alex Afanasyev about 10 years ago
The function described in this feature can be implemented using the generalized KeyChain::sign(packet, SigningInfo) method, with customized SignatureInfo block supplied as part of SigningInfo (not yet complete).
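
Added example (not part of this issue thread and not ndn-cxx code): a Python illustration of the DigestSha256 check behind the NDN-TLV rule quoted in the thread and the remark that the security model is different. It assumes the NDN packet format TLV-TYPE numbers and short-form TLV encoding; the packet name /example/seg0, the helper names and the locator values are constructed for illustration.

```python
import hashlib

# TLV-TYPE numbers from the NDN packet format (assumed here, not stated in the thread)
DATA, NAME, COMPONENT, CONTENT = 0x06, 0x07, 0x08, 0x15
SIG_INFO, SIG_VALUE, SIG_TYPE, KEY_LOCATOR = 0x16, 0x17, 0x1B, 0x1C
DIGEST_SHA256 = 0  # SignatureType value for DigestSha256

def tlv(t, value=b""):
    """Encode one TLV; short form only (type and length below 253)."""
    if t >= 253 or len(value) >= 253:
        raise ValueError("long-form TLV not supported in this example")
    return bytes([t, len(value)]) + value

def elements(buf, start, end):
    """Yield (type, tlv_start, value_start, value_end) for each TLV in buf[start:end]."""
    pos = start
    while pos < end:
        if pos + 2 > end or max(buf[pos], buf[pos + 1]) >= 253 or pos + 2 + buf[pos + 1] > end:
            raise ValueError("truncated or long-form TLV")
        yield buf[pos], pos, pos + 2, pos + 2 + buf[pos + 1]
        pos += 2 + buf[pos + 1]

def build_data(content, locator=None):
    """Constructed sample: Data /example/seg0 with DigestSha256, optional KeyLocator."""
    name = tlv(NAME, tlv(COMPONENT, b"example") + tlv(COMPONENT, b"seg0"))
    info = tlv(SIG_TYPE, bytes([DIGEST_SHA256]))
    if locator is not None:
        info += tlv(KEY_LOCATOR, locator)
    signed = name + tlv(CONTENT, content) + tlv(SIG_INFO, info)
    return tlv(DATA, signed + tlv(SIG_VALUE, hashlib.sha256(signed).digest()))

def verify_digest_sha256(wire):
    """Return (digest_ok, key_locator_or_None); digest covers Name through SignatureInfo."""
    [(t, _, vs, ve)] = list(elements(wire, 0, len(wire)))  # exactly one outer TLV
    if t != DATA:
        raise ValueError("not a Data packet")
    sig_type = sig_value = locator = signed_end = None
    for t, start, s, e in elements(wire, vs, ve):
        if t == SIG_INFO:
            for it, _, i_s, i_e in elements(wire, s, e):
                if it == SIG_TYPE:
                    sig_type = int.from_bytes(wire[i_s:i_e], "big")
                elif it == KEY_LOCATOR:
                    locator = bytes(wire[i_s:i_e])  # reported only, never used in the check
        elif t == SIG_VALUE:
            signed_end, sig_value = start, bytes(wire[s:e])
    if sig_type != DIGEST_SHA256 or sig_value is None:
        raise ValueError("not a DigestSha256 signature")
    return hashlib.sha256(wire[vs:signed_end]).digest() == sig_value, locator
```

A packet verifies with no KeyLocator or with any KeyLocator value, because the digest involves no key and only shows the bytes are intact. Giving the KeyLocator a meaning such as "points to the Manifest" therefore needs its own defined format and semantics.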