Feature #2700
closed
pingserver: sign with DigestSha256
100%
Description
ndnpingserver signs reply Data packets using the default identity, but ndnping doesn't verify the signature.
Signing without verification is wasted work.
ndnpingserver should always use DigestSha256 signing algorithm.
ndnping shouldn't add verification because the purpose of this tool is to test reachability, and Data spoofing isn't a major risk in current network operations.
Updated by Alex Afanasyev over 10 years ago
I would suggest a slightly different way in the same direction:
- by default signing should be done with DisgestSha256
- if command-line parameter is specified, it is signed with the specified identity.
Signing could be useful for some other experiments, besides just ping.
Updated by Junxiao Shi over 10 years ago
Signing could be useful for some other experiments, besides just ping.
Can you explain more about what experiments need signing?
Updated by Alex Afanasyev over 10 years ago
I don't know about experiments. Given it is not hard to keep function of real signing, I just prefer it to be kept.
Updated by Junxiao Shi over 10 years ago
I don't know about experiments. Given it is not hard to keep function of real signing, I just prefer it to be kept.
This is not a matter of "how hard it is".
The goal is simplicity: if there's no use case, don't have this feature.
I disagree with keeping RSA signing in this Feature.
RSA signing is useful only when paired with verification. We could add both RSA signing and validation in a future Feature.
Updated by Eric Newberry over 10 years ago
- Assignee set to Eric Newberry
I'm going to go ahead and assign this task to myself. However, I'm still a bit confused as to what exactly it's requesting. Is the signing method being changed or removed from pingserver?
Updated by Junxiao Shi over 10 years ago
Alex agreed with using DigestSha256 exclusively at 20150508 conference call.
In the future, we could add signing and verification together, if a scenario arises.
Updated by Eric Newberry over 10 years ago
- Status changed from New to Code review
- % Done changed from 0 to 100
Updated by Eric Newberry over 10 years ago
Any update on the Gerrit change for this issue?
Updated by Eric Newberry over 10 years ago
- Status changed from Code review to Closed