Feature #2641
closed
KeyChain: SHA256-signing with custom KeyLocator
Added by Ilya Moiseenko about 9 years ago.
Updated almost 9 years ago.
Description
Need an overloading of KeyChain::signWithSha256(Data& data) function as KeyChain::signWithSha256(Data& data, const KeyLocator& keyLocator)
This functionality is used in manifest embedding.
- Tracker changed from Task to Feature
- Subject changed from KeyChain to sign packet with SHA256 with custom KeyLocator to KeyChain: SHA256-signing with custom KeyLocator
I disagree with this feature because it violates NDN-TLV:
If KeyLocator is present in SignatureInfo, it MUST be ignored.
If manifest embedding needs a KeyLocator, please define the format and semantics of this KeyLocator, and propose a change to NDN-TLV.
I talked to Yingdi about this some time ago and he agreed with me.
After the format and semantics of this KeyLocator are defined, I will agree with this feature.
I forgot the reason; what do you plan to put into KeyLocator?
KeyLocator of the Data packet points to the corresponding Manifest for verification purposes.
I do not think we should use the digestSha256 for this purpose. Instead we should define another signature type, because the security model is different.
I initially wanted to have a "KeyLocator only" signature type, but you said that it is not good.
KeyLocator of the Data packet points to the corresponding Manifest for verification purposes.
This seems correct. But please post the exact TLV structure, and reserve relevant TLV-TYPE codes if necessary.
- Status changed from New to Rejected
This Feature is rejected because its basis, KeyChain::signWithSha256, is deprecated in #2871.
If @Ilya still wants this Feature, please reopen the issue with an updated design.
The function described in this feature can be implemented using the generalized KeyChain::sign(packet, SigningInfo) method, with a customized SignatureInfo block supplied as part of SigningInfo (not yet complete).