Correcting KeyLocator (allow different types) and initial type assignment
git-svn-id: svn+ssh://dyadis.cs.arizona.edu/NDN-spec/spec-sphinx@188 c5937c81-b952-4fd9-96ba-3036b240b622
diff --git a/signature.rst b/signature.rst
index c91c47d..f061dea 100644
--- a/signature.rst
+++ b/signature.rst
@@ -128,16 +128,21 @@
::
- KeyLocator ::= KEY-LOCATOR-TYPE TLV-LENGTH Name
+ KeyLocator ::= KEY-LOCATOR-TYPE TLV-LENGTH KeyLocatorValue
+ KeyLocatorValue ::= Name |
+ KeyLocatorDigest |
+ ...
+
+ KeyLocatorDigest ::= KEY-LOCATOR-DIGEST-TYPE TLV-LENGTH BYTE+
.. note::
KeyLocator has meaning only for specific trust model and the current specification does not imply or suggest use of any specific trust model.
- Generally, KeyLocator should point to another Data packet which is interpreted by the trust model, but trust model can allow alternative interpretations of the KeyLocator.
+ Generally, KeyLocator should point to another Data packet which is interpreted by the trust model, but trust model can allow alternative forms of the KeyLocator.
For example, one can define a trust model that does not interpret KeyLocator at all (KeyLocator MUST be present, but TLV-LENGTH could be 0) and uses naming conventions to infer proper public key or public key certificate for the name of the Data packet itself.
- Another possibility for the trust model is to define a naming convention for the KeyLocator, where Name ``/keyid/<sha256>`` identifies RSA public key using SHA256 digest, assuming that the trust model has some other means to obtain the public key.
+ Another possibility for the trust model is to define digest-based KeyLocatorValue (``KeyLocatorDigest``), where RSA public key will be identified using SHA256 digest, assuming that the trust model has some other means to obtain the public key.
Changes from CCNx
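Review bot: The new grammar contradicts the note it sits next to: ``KeyLocatorValue ::= Name | KeyLocatorDigest | ...`` has no empty alternative, yet the note still says "KeyLocator MUST be present, but TLV-LENGTH could be 0". Either make the value optional in the grammar (e.g. ``KeyLocator ::= KEY-LOCATOR-TYPE TLV-LENGTH KeyLocatorValue?``) or drop the zero-length case from the note. Two further points on the digest form: ``KeyLocatorDigest ::= KEY-LOCATOR-DIGEST-TYPE TLV-LENGTH BYTE+`` does not say what the digest is computed over (the raw public key bits, a DER encoding, a certificate) or constrain its length, so two implementations following this text can compute different digests for the same key; the note should state the hashed input and that a SHA256 digest is 32 bytes. Finally, the commit title promises an "initial type assignment" but this hunk introduces ``KEY-LOCATOR-DIGEST-TYPE`` without a visible assigned value; if it is assigned elsewhere, a cross-reference to the type table would help. Minor wording in the modified note line: "but trust model can allow" should be "but the trust model can allow".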
@@ -148,8 +153,6 @@
- ``KeyLocator`` is moved to be a part of the ``SignatureInfo`` block, if it is applicable for the specific signature type.
The rationale for the move is to make Signature (sequence of ``SignatureInfo`` and ``SignatureValue`` TLVs) self-contained and self-sufficient.
-- ``KeyLocator`` is expressed as a trust model-interpreted name, removing nested blocks and alternative packet-format specified representations (``KeyName``, ``Key``, and ``Certificate``)
-
- Signature type (or signing method information) is expressed as an assigned integer value (with no assumed default), rather than OID.
- Added support for cheaper signatures
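Review bot: Deleting the bullet outright leaves the "Changes from CCNx" list with no statement of how the KeyLocator representation now differs from CCNx's nested ``KeyName``, ``Key`` and ``Certificate`` alternatives, which is exactly the point a reader of this section is looking for. Suggest rewording instead of removing, e.g. "``KeyLocator`` is expressed as a trust-model-interpreted ``KeyLocatorValue`` (currently ``Name`` or ``KeyLocatorDigest``), replacing the nested ``KeyName``, ``Key``, and ``Certificate`` representations of CCNx". Removing the trailing blank line is fine, since the remaining items of this list are already not separated by blank lines.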