Feature #5148

ValidatorConfig: multiple sig-type restrictions in a single checker

Added by Junxiao Shi 7 months ago. Updated 6 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Security
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:

Description

In ValidatorConfig, it's sometimes useful to specify a restriction on SignatureType.
For example, a checker could be specified as:

checker
{
  type hierarchical
  sig-type rsa-sha256
  sig-type ecdsa-sha256
}

The sig-type key should be optional and repeatable.
If sig-type is present, the packet must have any one of the specified SignatureTypes.
If sig-type is absent, the packet may have any SignatureType.

The syntax of sig-type value is to be determined.
It should at least allow specifying the signature algorithm, and could be extended to also specify minimum key length.


Related issues

Related to ndn-cxx - Bug #4524: validator_config::Checker should enforce sig-type check (Closed, Alex Afanasyev)

#1

Updated by Junxiao Shi 7 months ago

  • Related to Bug #4524: validator_config::Checker should enforce sig-type check added
#2

Updated by Junxiao Shi 6 months ago

  • Status changed from New to Duplicate

#4524 used to be temporarily removing the sig-type configuration, but it has evolved to implement that check instead.
Thus, this issue becomes a duplicate.

Note that the #4524 implementation differs from the above proposal in several ways:

  • sig-type config is not repeatable.
  • Default is SignatureType=3, not "any".
  • There's no minimal key length restriction.
#3

Updated by Davide Pesavento 6 months ago

We still want to implement support for multiple signature types in the same checker at some point, so this is not a duplicate.

#4

Updated by Junxiao Shi 6 months ago

Davide Pesavento wrote in #note-3:

> We still want to implement support for multiple signature types in the same checker

It isn't strictly necessary. A policy author can write several parallel checkers, one for each acceptable signature type.
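
As an added example (not ndn-cxx code and not part of the thread), the sketch below models the sig-type semantics proposed in the description and compares them with the parallel-checker workaround from note 4. The Checker struct, the function names and the `example-other` value are hypothetical, and it assumes a packet passes when any one of the parallel checkers accepts it.

```cpp
#include <iostream>
#include <set>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical model of one checker block; not an ndn-cxx type.
struct Checker {
  std::string type;
  std::set<std::string> sigTypes;  // empty: sig-type absent, any SignatureType passes
};

// Parse the key/value pairs between the braces; unknown keys are rejected (fail closed).
Checker parseChecker(const std::string& body) {
  Checker c;
  std::istringstream in(body);
  std::string key, value;
  while (in >> key >> value) {
    if (key == "type") c.type = value;
    else if (key == "sig-type") c.sigTypes.insert(value);  // repeatable
    else throw std::invalid_argument("unsupported key: " + key);
  }
  return c;
}

// Proposed semantics: absent means any; present means any one of the listed types.
// Models the sig-type restriction only, not the hierarchical name check.
bool sigTypeAllowed(const Checker& c, const std::string& packetSigType) {
  return c.sigTypes.empty() || c.sigTypes.count(packetSigType) > 0;
}

// Workaround from the thread: parallel checkers, one sig-type each.
// Assumption: the packet passes if any one checker accepts it.
bool anyCheckerAllows(const std::vector<Checker>& checkers, const std::string& t) {
  for (const auto& c : checkers)
    if (sigTypeAllowed(c, t)) return true;
  return false;
}

int main() {
  Checker multi = parseChecker("type hierarchical\nsig-type rsa-sha256\nsig-type ecdsa-sha256\n");
  std::vector<Checker> parallel = {parseChecker("type hierarchical\nsig-type rsa-sha256\n"),
                                   parseChecker("type hierarchical\nsig-type ecdsa-sha256\n")};
  // "example-other" is a constructed value standing in for a type that is not listed.
  for (const std::string t : {"rsa-sha256", "ecdsa-sha256", "example-other"})
    std::cout << t << ": repeated=" << sigTypeAllowed(multi, t)
              << " parallel=" << anyCheckerAllows(parallel, t) << "\n";
}
```

For the sig-type restriction alone, the repeated form and the parallel form give the same result for every input; the repeated form avoids duplicating the rest of the checker.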

#5

Updated by Alex Afanasyev 6 months ago

  • Subject changed from ValidatorConfig: sig-type restriction to ValidatorConfig: multiple sig-type restrictions in a single checker
#6

Updated by Alex Afanasyev 6 months ago

  • Status changed from Duplicate to New
