Project

General

Profile

Actions

Feature #5114

closed

Accommodate certificate name in KeyLocator in /localhop/nfd/rib validation rules

Added by Junxiao Shi over 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
RIB
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
1.50 h

Description

Currently, command validation rules for /localhop/nfd/rib command are written as:

rule
{
    for interest
    filter
    {
        type name
        regex ^[<localhop><localhost>]<nfd><rib>[<register><unregister>]<><><>$
    }
    checker
    {
        type customized
        sig-type rsa-sha256
        key-locator
        {
            type name
            regex ^<>*<KEY><>$
        }
    }
}

This means, the validator can only accept a signed Interest if its KeyLocator contains key name, but would reject a signed Interest if its KeyLocator contains certificate name.

Since #5112, KeyLocator would contain certificate name. Additionally, legacy client may continue to send KeyLocator with key name.
Thus, this rule should be relaxed to accept either key name or certificate name as KeyLocator.


Files

NFD-5114_20210129.pcapng (8.96 KB) NFD-5114_20210129.pcapng Junxiao Shi, 01/28/2021 09:51 PM

Related issues 1 (0 open1 closed)

Related to ndn-cxx - Feature #5112: Include certificate name in KeyLocatorClosedJunxiao Shi

Actions
Actions

Also available in: Atom PDF