Task #4263
closed
Re-enable validation for remote routers for dataset requests
Added by Nicholas Gordon about 7 years ago.
Updated almost 7 years ago.
Description
Authorization of interests for remote routers has been disabled, and all requests for remote datasets are accepted. This is not the desired behavior, so this should be re-enabled using the v2 security suite.
- Parent task deleted (
#3964)
For some reason I thought that this had been disabled at some point. However, it appears this was never enabled. Preliminary discussions have happened about the details of this, but nothing has been captured here. More thorough discussion will be necessary to delineate the fine details.
StatusDataset is not meant to be authenticated. Even if you authenticate the Interest before publishing a new version of the dataset, the response is cached in the network, and anyone can find them via name discovery (sending Interests with incomplete names).
If it is desirable to protect the information, the response must be encrypted. An earlier version of management dispatcher design contains a ReplyEncryptCallback
, but it did not make into the final design because there was no use case back then.
- Status changed from New to Abandoned
- Start date deleted (
08/29/2017)
This issue has been abandoned on the grounds of urgency and relevance. The general consensus is that, even though this would be useful, there are many more important issues. Additionally, as there is no use case identifiable in the future, this has been abandoned. An issue will be filed in the future if a need presents itself.
Also available in: Atom
PDF