Project

General

Profile

Actions

Feature #5148

open

ValidatorConfig: multiple sig-type restrictions in a single checker

Added by Junxiao Shi almost 4 years ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

In ValidatorConfig, it's sometimes useful to specify a restriction on SignatureType.
For example, a checker could be specified as:

checker
{
  type hierarchical
  sig-type rsa-sha256
  sig-type ecdsa-sha256
}

The sig-type key should be optional and repeatable.
If sig-type is present, the packet must have any one of the specified SignatureTypes.
If sig-type is absent, the packet may have any SignatureType.

The syntax of sig-type value is to be determined.
It should at least allow specifying the signature algorithm, and could be extended to also specify minimum key length.


Related issues 1 (0 open1 closed)

Related to ndn-cxx - Bug #4524: validator_config::Checker should enforce sig-type checkClosedAlex Afanasyev

Actions
Actions #1

Updated by Junxiao Shi almost 4 years ago

  • Related to Bug #4524: validator_config::Checker should enforce sig-type check added
Actions #2

Updated by Junxiao Shi over 3 years ago

  • Status changed from New to Duplicate

#4524 used to be temporarily removing the sig-type configuration, but it has evolved to implement that check instead.
Thus, this issue becomes a duplicate.

Note that the #4524 implementation differs from the above proposal in several ways:

  • sig-type config is not repeatable.
  • Default is SignatureType=3, not "any".
  • There's no minimal key length restriction.
Actions #3

Updated by Davide Pesavento over 3 years ago

We still want to implement support for multiple signature types in the same checker at some point, so this is not a duplicate.

Actions #4

Updated by Junxiao Shi over 3 years ago

Davide Pesavento wrote in #note-3:

We still want to implement support for multiple signature types in the same checker

It isn't strictly necessary. Policy author can write several parallel checkers, one for each acceptable signature type.

Actions #5

Updated by Alex Afanasyev over 3 years ago

  • Subject changed from ValidatorConfig: sig-type restriction to ValidatorConfig: multiple sig-type restrictions in a single checker
Actions #6

Updated by Alex Afanasyev over 3 years ago

  • Status changed from Duplicate to New
Actions #7

Updated by Davide Pesavento about 1 year ago

  • Tags changed from security, ValidatorConfig to ValidatorConfig
Actions

Also available in: Atom PDF