Feature #5148

open

ValidatorConfig: multiple sig-type restrictions in a single checker

Added by Junxiao Shi about 3 years ago. Updated 5 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Security
Target version: -
% Done: 0%
Description

In ValidatorConfig, it's sometimes useful to specify a restriction on SignatureType.
For example, a checker could be specified as:

checker
{
  type hierarchical
  sig-type rsa-sha256
  sig-type ecdsa-sha256
}

The sig-type key should be optional and repeatable.
If sig-type is present, the packet must have any one of the specified SignatureTypes.
If sig-type is absent, the packet may have any SignatureType.

The syntax of sig-type value is to be determined.
It should at least allow specifying the signature algorithm, and could be extended to also specify minimum key length.


Related issues 1 (0 open, 1 closed)

Related to ndn-cxx - Bug #4524: validator_config::Checker should enforce sig-type check (Closed, Alex Afanasyev)

Actions #1

Updated by Junxiao Shi about 3 years ago

  • Related to Bug #4524: validator_config::Checker should enforce sig-type check added

Actions #2

Updated by Junxiao Shi about 3 years ago

  • Status changed from New to Duplicate

#4524 used to be temporarily removing the sig-type configuration, but it has evolved to implement that check instead.
Thus, this issue becomes a duplicate.

Note that the #4524 implementation differs from the above proposal in several ways:

  • sig-type config is not repeatable.
  • Default is SignatureType=3, not "any".
  • There's no minimal key length restriction.

Actions #3

Updated by Davide Pesavento about 3 years ago

We still want to implement support for multiple signature types in the same checker at some point, so this is not a duplicate.

Actions #4

Updated by Junxiao Shi about 3 years ago

Davide Pesavento wrote in #note-3:

We still want to implement support for multiple signature types in the same checker

It isn't strictly necessary. A policy author can write several parallel checkers, one for each acceptable signature type.
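
The two forms discussed in this thread, compared in an added example that is not part of the original issue or of ndn-cxx: one checker with repeated sig-type keys (the proposal in the description) against parallel single-type checkers (note-4). `parse_checkers` and `accepts` are hypothetical helpers; the example assumes a packet is accepted when at least one checker accepts it, and models only the sig-type restriction.

```python
# Added illustration: parse_checkers() and accepts() are hypothetical helpers,
# not ndn-cxx API. Only the sig-type restriction is modelled.
import re

# The checker from the issue description.
PROPOSED = """
checker
{
  type hierarchical
  sig-type rsa-sha256
  sig-type ecdsa-sha256
}
"""

# Constructed equivalent: one checker per acceptable signature type.
PARALLEL = """
checker
{
  type hierarchical
  sig-type rsa-sha256
}
checker
{
  type hierarchical
  sig-type ecdsa-sha256
}
"""

def parse_checkers(text):
    """Return one dict per checker block; sig-type is optional and repeatable."""
    checkers = []
    for body in re.findall(r"checker\s*\{([^}]*)\}", text):
        checker = {"type": None, "sig_types": set()}
        for line in body.splitlines():
            parts = line.split()
            if not parts:
                continue
            if len(parts) != 2 or parts[0] not in ("type", "sig-type"):
                raise ValueError(f"unexpected line in checker: {line!r}")
            if parts[0] == "type":
                checker["type"] = parts[1]
            else:
                checker["sig_types"].add(parts[1])
        checkers.append(checker)
    return checkers

def accepts(checkers, sig_type):
    """True if any checker admits sig_type; no sig-type key means any type."""
    return any(not c["sig_types"] or sig_type in c["sig_types"] for c in checkers)
```

A checker with no sig-type key admits every signature type under the proposed semantics, so a policy that means to restrict algorithms has to list them explicitly.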

Actions #5

Updated by Alex Afanasyev about 3 years ago

  • Subject changed from ValidatorConfig: sig-type restriction to ValidatorConfig: multiple sig-type restrictions in a single checker

Actions #6

Updated by Alex Afanasyev about 3 years ago

  • Status changed from Duplicate to New

Actions #7

Updated by Davide Pesavento 5 months ago

  • Tags changed from security, ValidatorConfig to ValidatorConfig