docs: delete certificate spec
Moved to the NDN-packet-spec repo
https://github.com/named-data/NDN-packet-spec/commit/3a74e134979606af9a2b90b12f141f8794ad96d7
Change-Id: I57aec08aeb553d5eb6c5a7c368ba03b904b1e4ed
diff --git a/docs/INSTALL.rst b/docs/INSTALL.rst
index dd394ec..30dadaf 100644
--- a/docs/INSTALL.rst
+++ b/docs/INSTALL.rst
@@ -192,7 +192,7 @@
package is installed and ``PKG_CONFIG_PATH`` is configured properly (or if
``<LIBPATH>/pkgconfig`` is a default search path), the command ``pkg-config --cflags
--libs libndn-cxx`` will return all necessary compile and link flags for the library.
-- ``<BINPATH>/ndnsec``: tool to manage NDN keys and certificates.
+- ``<BINPATH>/ndnsec``: command-line tool to manage NDN keys and certificates.
- ``<BINPATH>/ndnsec-*``: convenience aliases for ``ndnsec`` tools.
If configured with tests (``./waf configure --with-tests``), the above commands
diff --git a/docs/index.rst b/docs/index.rst
index b1f9012..97bf2e4 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -49,7 +49,6 @@
- :doc:`specs`
- + :doc:`specs/certificate`
+ :doc:`specs/safe-bag`
+ :doc:`specs/signed-interest`
diff --git a/docs/release-notes/release-notes-0.5.0.rst b/docs/release-notes/release-notes-0.5.0.rst
index 914c5de..6c6a750 100644
--- a/docs/release-notes/release-notes-0.5.0.rst
+++ b/docs/release-notes/release-notes-0.5.0.rst
@@ -112,7 +112,8 @@
``ndn::CertificateExtension``, ``ndn::CertificateSubjectDescription``. When necessary, use
``security::v1::PublicKey``, ``security::v1::Certificate``, ``security::v1::IdentityCertificate``,
``security::v1::CertificateExtension``, ``security::v1::CertificateSubjectDescription`` instead.
- The next release will feature :doc:`a new version of the NDN Certificate format </specs/certificate>`.
+ The next release will feature `a new version of the NDN Certificate format
+ <https://named-data.net/doc/NDN-packet-spec/0.3/certificate.html>`__.
Removed
^^^^^^^
diff --git a/docs/release-notes/release-notes-0.5.1.rst b/docs/release-notes/release-notes-0.5.1.rst
index 033a6bd..455a19a 100644
--- a/docs/release-notes/release-notes-0.5.1.rst
+++ b/docs/release-notes/release-notes-0.5.1.rst
@@ -13,10 +13,11 @@
New features
^^^^^^^^^^^^
-- Add version 2 of the security framework (introduced in ``security::v2`` namespace)
+- Add version 2 of the security framework in ``security::v2`` namespace
- * :doc:`/specs/certificate` (:issue:`3103`)
- * New Public Information Base (PIB) and Trusted Program Module (TPM) framework to manage
+ * `NDN Certificate Format version 2.0
+ <https://named-data.net/doc/NDN-packet-spec/0.3/certificate.html>`__ (:issue:`3103`)
+ * New Public Information Base (PIB) and Trusted Platform Module (TPM) framework to manage
public/private keys and NDN Certificate version 2.0 (:issue:`2948`, :issue:`3202`)
* New KeyChain implementation (:issue:`2926`)
* New Validator implementation (:issue:`3289`, :issue:`1872`)
diff --git a/docs/release-notes/release-notes-0.6.0.rst b/docs/release-notes/release-notes-0.6.0.rst
index c2e045f..da66436 100644
--- a/docs/release-notes/release-notes-0.6.0.rst
+++ b/docs/release-notes/release-notes-0.6.0.rst
@@ -11,12 +11,12 @@
- **(breaking change)** Security framework version 2 (:issue:`3098`, :issue:`3920`,
:issue:`3644`, :issue:`4085`, :issue:`4323`, :issue:`4339`).
- The released version of the library only supports the new version of the security (v2
- certificate format) and features a number of updates of KeyChain and Validator
- interfaces. At the same time, management APIs for :ndn-cxx:`ValidatorConfig` remained
- intact; transition to the new framework would require only adjusting
- :ndn-cxx:`Validator::validate` calls and updating configuration files to follow the new
- naming conventions of :doc:`/specs/certificate`.
+ This release of the library supports only the new version of the security framework
+ and features a number of updates to the KeyChain and Validator interfaces.
+ At the same time, management APIs for :ndn-cxx:`ValidatorConfig` remained intact;
+ transition to the new framework only requires adjusting :ndn-cxx:`Validator::validate`
+ calls and updating configuration files to follow the naming conventions of the new
+ `Certificate format <https://named-data.net/doc/NDN-packet-spec/0.3/certificate.html>`__.
- Integration of fetching certificates using Certificate Bundle as part of specialized
``CertificateFetcher`` (:issue:`3891`)
@@ -25,7 +25,7 @@
to include ``ForwardingHint`` instead of ``LinkObject``, following the latest NDN
specification updates (:issue:`4054`, :issue:`4055`)
-- Fine-grained signals on interface/address changes in NetworkMonitor
+- Fine-grained signals on interface/address changes in :ndn-cxx:`NetworkMonitor`
for all supported platforms (:issue:`3353`, :issue:`4025`, :issue:`3817`, :issue:`4024`)
- Addition of ``TxSequence`` field and ``Ack``, the first repeatable field in
@@ -51,7 +51,7 @@
- FaceUri now accepts link-local IPv6 addresses (:issue:`1428`)
-- Rename variables in ``FaceStatus`` and ``ForwarderStatus`` ('datas' => 'data')
+- Rename fields in :ndn-cxx:`FaceStatus` and :ndn-cxx:`ForwarderStatus` ('datas' => 'data')
(:issue:`3955`)
- Improve logging framework and its uses
@@ -63,19 +63,19 @@
* Add logging capabilities to ``Face``, ``UnixTransport``, ``TcpTransport``, and the new
security framework (:issue:`3563`)
- To enable logging, set environment variable ``NDN_LOG`` to enable specific, subset, or all
- logging module at appropriate levels. Examples:
+ To configure logging, set the environment variable :doc:`NDN_LOG </manpages/ndn-log>`.
+ Examples:
- ::
+ .. code-block:: sh
- export NDN_LOG=*=ALL
- export NDN_LOG=ndn.*=ALL
- export NDN_LOG=ndn.security=DEBUG:ndn.TcpTransport=ALL
+ export NDN_LOG="*=ALL"
+ export NDN_LOG="ndn.*=ALL"
+ export NDN_LOG="ndn.security=DEBUG:ndn.TcpTransport=ALL"
-- Ensure that ``Face`` sends ``Nack`` only after every ``InterestCallback`` has responded
- (:issue:`4228`)
+- Ensure that :ndn-cxx:`Face` sends a ``Nack`` only after every ``InterestCallback`` has
+ responded (:issue:`4228`)
-- Fix potential overflow in ``time::toIsoString`` (:issue:`3915`)
+- Fix potential overflow in :ndn-cxx:`time::toIsoString` (:issue:`3915`)
- Fix potentially misaligned memory accesses (:issue:`4172`, :issue:`4097`, :issue:`4175`,
:issue:`4190`, :issue:`4191`)
@@ -86,20 +86,15 @@
- Source/header reorganization (:issue:`3940`)
- * Move network-related files to ``src/net``
+ * Move network-related files to ``src/net``. Note the following namespace changes:
- .. note::
- Namespace changes
+ + ``ndn::util::FaceUri`` is now ``ndn::FaceUri``
+ + ``ndn::util::ethernet`` is now ``ndn::ethernet``
+ + ``ndn::util::NetworkMonitor`` and related classes are now in ``ndn::net``
- * ndn::util::FaceUri is now ndn::FaceUri
- * ndn::util::ethernet is now ndn::ethernet
- * ndn::util::NetworkMonitor and related classes are now in ndn::net
-
- * Move signal-related files into ``src/util/signal/`` directory, except for
+ * Move signal-related files into ``src/util/signal`` directory, except for
the main include ``signal.hpp``
-
- * Move InMemoryStorage to ``src/ims``
-
+ * Move :ndn-cxx:`InMemoryStorage` and related classes to ``src/ims``
* Rename ``digest.hpp`` to ``sha256.hpp`` to match the ``Sha256`` class declared within
Removed
diff --git a/docs/release-notes/release-notes-0.6.5.rst b/docs/release-notes/release-notes-0.6.5.rst
index 62af06d..ead42d9 100644
--- a/docs/release-notes/release-notes-0.6.5.rst
+++ b/docs/release-notes/release-notes-0.6.5.rst
@@ -6,8 +6,8 @@
New features
^^^^^^^^^^^^
-- More support for `NDN packet format version
- 0.3 <https://named-data.net/doc/NDN-packet-spec/0.3/>`__ (:issue:`4527`)
+- More support for `NDN packet format version 0.3
+ <https://named-data.net/doc/NDN-packet-spec/0.3/>`__ (:issue:`4527`)
* Stop using ``ChildSelector`` in ``NotificationSubscriber`` (:issue:`4664`)
@@ -18,41 +18,42 @@
- Scoped prefix registration, scoped Interest filter, and scoped pending Interest
(:issue:`3919`, :issue:`4316`)
-- Counters for satisfied and unsatisfied Interests in ``ForwarderStatus``
+- Counters for satisfied and unsatisfied Interests in :ndn-cxx:`ForwarderStatus`
(:issue:`4720`)
-- ``random::getRandomNumberEngine()`` in the public API
+- :ndn-cxx:`random::getRandomNumberEngine` in the public API
-- ``MetadataObject`` class to encode/decode RDR-style metadata (:issue:`4707`)
+- :ndn-cxx:`MetadataObject` class to encode/decode RDR-style metadata (:issue:`4707`)
-- ``SegmentFetcher::stop()`` (:issue:`4692`)
+- :ndn-cxx:`SegmentFetcher::stop` (:issue:`4692`)
Improvements and bug fixes
^^^^^^^^^^^^^^^^^^^^^^^^^^
-- Use openssl-based routines for the PKCS#8 decoding/decryption when exporting key from macOS
- Keychain (:issue:`4450`)
-
- Switch to AES-256 for private key encryption in PKCS #8 export
-- Add exponential backoff in ``CertificateFetcherFromNetwork`` (:issue:`4718`, :issue:`4712`)
+- Use OpenSSL-based routines for PKCS #8 decoding/decryption when exporting keys from the
+ macOS Keychain (:issue:`4450`)
+
+- Forbid unrecognized TLVs before ``Name`` (:issue:`4667`)
+
+- Stop accepting NonNegativeInteger as sequence number in NDNLP (:issue:`4598`)
+
+- Add exponential backoff in :ndn-cxx:`CertificateFetcherFromNetwork` (:issue:`4718`,
+ :issue:`4712`)
- Throw exception when loading an orphaned ``ValidationPolicyConfig`` (API violation)
(:issue:`4758`)
-- Forbid unrecognized TLVs before ``Name`` (:issue:`4667`)
+- Prevent memory pool size from becoming zero in :ndn-cxx:`InMemoryStorage` (:issue:`4769`)
-- Prevent memory pool size from becoming zero in ``InMemoryStorage`` (:issue:`4769`)
-
-- Clean up fetchers when destructing ``nfd::Controller`` (:issue:`4775`)
+- Clean up fetchers when destructing :ndn-cxx:`nfd::Controller` (:issue:`4775`)
- Fix ``SegmentFetcher`` undefined behavior caused by uncanceled pending interest
(:issue:`4770`)
- Seed the PRNG with more entropy (:issue:`4808`)
-- Stop accepting NonNegativeInteger as sequence number in NDNLP (:issue:`4598`)
-
- Backport C++17 ``std::any`` and ``std::variant`` as ``ndn::any`` and ``ndn::variant``
- Reimplement ``scheduler::EventId`` with ``CancelHandle`` (:issue:`4698`)
@@ -60,7 +61,7 @@
Deprecated
^^^^^^^^^^
-- ``ndn-cxx/util/scheduler-scoped-event-id.hpp`` header as it is now sufficient to use
+- ``ndn-cxx/util/scheduler-scoped-event-id.hpp`` header, as it is now sufficient to use
``ndn-cxx/util/scheduler.hpp`` header (:issue:`4698`)
- Implicit conversion from nullptr to ``scheduler::EventId`` (:issue:`4698`)
diff --git a/docs/release-notes/release-notes-0.6.6.rst b/docs/release-notes/release-notes-0.6.6.rst
index e09f916..858f44b 100644
--- a/docs/release-notes/release-notes-0.6.6.rst
+++ b/docs/release-notes/release-notes-0.6.6.rst
@@ -23,7 +23,8 @@
- ``NDN_THROW`` macro to throw exceptions including file position and runtime context of the
throw statement (:issue:`4834`)
-- Ensure that a ``Block`` with TLV-TYPE zero is treated as invalid (:issue:`4726`, :issue:`4895`)
+- Ensure that a :ndn-cxx:`Block` with TLV-TYPE zero is treated as invalid (:issue:`4726`,
+ :issue:`4895`)
Improvements and bug fixes
^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/docs/release-notes/release-notes-0.7.0.rst b/docs/release-notes/release-notes-0.7.0.rst
index 523a58d..d726e66 100644
--- a/docs/release-notes/release-notes-0.7.0.rst
+++ b/docs/release-notes/release-notes-0.7.0.rst
@@ -17,28 +17,29 @@
- HMAC signing support (:issue:`3075`)
-- Support for ``ParametersSha256DigestComponent`` in ``Name`` and ``Interest`` classes
+- Support for ``ParametersSha256DigestComponent`` in :ndn-cxx:`Name` and :ndn-cxx:`Interest`
(:issue:`4658`)
-- Encoding/decoding of ``HopLimit`` field in Interest (:issue:`4806`)
+- Encoding and decoding of ``HopLimit`` field in Interest (:issue:`4806`)
-- PIT token (:issue:`4532`).
+- Support for encoding and decoding PIT token as NDNLPv2 field (:issue:`4532`).
PIT token is a hop-by-hop header field that identifies an Interest-Data exchange. The
downstream node can assign an opaque token to an outgoing Interest, and the upstream node
is expected to return the same token on the Data or Nack in reply to that Interest. This
would allow the downstream node to accelerate its processing, especially in PIT lookup.
-- ``io::loadBuffer`` and ``io::saveBuffer`` helper functions
+- :ndn-cxx:`io::loadBuffer` and :ndn-cxx:`io::saveBuffer` helper functions
Improvements and bug fixes
^^^^^^^^^^^^^^^^^^^^^^^^^^
-- Various improvements in the Linux implementation of ``NetworkMonitor`` class
+- Various improvements in the Linux implementation of :ndn-cxx:`NetworkMonitor`
- Rework of ``RttEstimator`` class:
- * split into two classes: ``RttEstimator`` and ``RttEstimatorWithStats`` (:issue:`4887`)
+ * split into two classes: :ndn-cxx:`RttEstimator` and :ndn-cxx:`RttEstimatorWithStats`
+ (:issue:`4887`)
* add a getter for the smoothed RTT value (:issue:`4892`)
* switch to use ``time::nanoseconds`` (:issue:`4887`)
@@ -64,7 +65,7 @@
- Unused ``v2::PublicKey`` alias of ``transform::PublicKey``
-- ``HmacFilter`` class, use SignerFilter and VerifierFilter instead
+- ``HmacFilter`` class, use :ndn-cxx:`SignerFilter` and :ndn-cxx:`VerifierFilter` instead
- Ill-defined equality operators for ``Interest``, ``MetaInfo``, ``Signature`` (:issue:`4569`)
diff --git a/docs/release-notes/release-notes-0.7.1.rst b/docs/release-notes/release-notes-0.7.1.rst
index 4675c3b..50f3efb 100644
--- a/docs/release-notes/release-notes-0.7.1.rst
+++ b/docs/release-notes/release-notes-0.7.1.rst
@@ -12,10 +12,11 @@
New features
^^^^^^^^^^^^
-- Signed Interests according to Packet Specification v0.3 (:issue:`4804`)
+- `Signed Interests <https://named-data.net/doc/NDN-packet-spec/0.3/signed-interest.html>`__
+ according to Packet Specification v0.3 (:issue:`4804`)
-- Add "in-order" mode to ``SegmentFetcher`` and a corresponding signal that is emitted after each
- segment is received and validated in segment order. Segments that arrive out-of-order will be
+- Add "in-order" mode to :ndn-cxx:`SegmentFetcher` and a corresponding signal that is emitted after
+ each segment is received and validated in segment order. Segments that arrive out-of-order will be
buffered internally until all earlier segments have arrived and passed validation.
- Allow ``KeyLocator`` to either identify the full name of a certificate, an unversioned certificate
@@ -34,7 +35,7 @@
- Fix spurious error message from ``ndnsec-key-gen`` when ``key-id`` is specified (:issue:`5057`)
-- Provide more fine-grained choices for ``name::UriFormat`` (:issue:`4777`)
+- Provide more fine-grained choices for :ndn-cxx:`name::UriFormat` (:issue:`4777`)
- Allow automatic log flushing to be disabled (:issue:`3668`)
@@ -49,7 +50,7 @@
- Correctly handle non-existent identity in ``PibImpl::setDefaultIdentity``
-- Fix incompatibility with ``time::toIsoString`` in Boost 1.73.0+
+- Fix incompatibility with Boost 1.73.0+ in :ndn-cxx:`time::toIsoString`
- Fix incompatibility with ``<version>`` header in C++20
diff --git a/docs/release-notes/release-notes-0.8.0.rst b/docs/release-notes/release-notes-0.8.0.rst
index fe25427..752fa91 100644
--- a/docs/release-notes/release-notes-0.8.0.rst
+++ b/docs/release-notes/release-notes-0.8.0.rst
@@ -19,7 +19,7 @@
- Change TLV-TYPE number of ``IncomingFaceId`` field in NDNLP (:issue:`5185`)
-- Update ``Interest::ForwardingHint`` format (:issue:`5187`)
+- Update Interest ``ForwardingHint`` format (:issue:`5187`)
Improvements and bug fixes
^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -27,19 +27,19 @@
- Support certificate name, versionless certificate name, and key name options for
KeyLocator name in ``ValidatorConfig`` (:issue:`5142`)
-- Fix ``ValidatorConfig`` rule processing bug (:issue:`5145`)
-
- Generalize signature verification to allow ``digest-sha256``, effectively adding
support of digest integrity verification in ``ValidatorConfig``
- Enforce ``sig-type`` check in ``ValidatorConfig`` (:issue:`4524`)
-- Refactor and cleanup of ``StatusDatasetContext``, including increase of max payload size
- of each segment produced by ``StatusDatasetContext`` to 8,000 bytes
+- Fix ``ValidatorConfig`` rule processing bug (:issue:`5145`)
- Prevent potential dereferencing of past-the-end iterator in ``Block::value()``
-- Fail early in ``Block::blockFromValue()``, if TLV length is zero
+- Fail early in :ndn-cxx:`Block::blockFromValue` if TLV length is zero
+
+- Refactor and cleanup of :ndn-cxx:`StatusDatasetContext`, including increase of maximum
+ payload size of each produced segment to 8000 bytes
- Improve error reporting when loading a ``Certificate`` or ``SafeBag`` fails
@@ -50,7 +50,7 @@
- Introduce ``time::{to,from}IsoExtendedString()`` utility functions
- Add support for OpenSSL 3.0. Note that because of the API changes, HMAC implementation
- does not currently work when compiled with OpenSSL 3.0, use older version of OpenSSL
+ does not currently work when compiled with OpenSSL 3.0+, use older version of OpenSSL
when needed.
- Various build system and documentation extension and fixes
diff --git a/docs/specs.rst b/docs/specs.rst
index e5b1eff..cc2fe43 100644
--- a/docs/specs.rst
+++ b/docs/specs.rst
@@ -4,6 +4,5 @@
.. toctree::
:maxdepth: 2
- specs/certificate
specs/safe-bag
specs/signed-interest
diff --git a/docs/specs/certificate.rst b/docs/specs/certificate.rst
deleted file mode 100644
index eed4c21..0000000
--- a/docs/specs/certificate.rst
+++ /dev/null
@@ -1,201 +0,0 @@
-NDN Certificate Format Version 2.0
-==================================
-
-Since signature verification is a common operation in NDN applications, it is
-important to define a common certificate format to standardize the public key
-authentication procedure. As every NDN data packet is signed, a data packet
-that carries a public key as content is conceptually a certificate. However,
-the specification of a data packet alone is not sufficient to serve as the
-specification of a common NDN certificate format, because additional provisions
-are required for the latter. For example, a certificate follows a specific
-naming scheme and may need to include validity period, revocation information,
-etc. This specification defines the naming and structure of NDN certificates
-and is complementary to the `NDN packet specification
-<https://named-data.net/doc/NDN-packet-spec/current/>`__.
-
-::
-
- Structure of an NDN certificate
- +--------------------------+
- | Name |
- +--------------------------+
- | MetaInfo |
- |+------------------------+|
- || ContentType: KEY(2) ||
- |+------------------------+|
- |+------------------------+|
- || FreshnessPeriod: ~1h ||
- |+------------------------+|
- +--------------------------+
- | Content |
- |+------------------------+|
- || Public Key ||
- |+------------------------+|
- +--------------------------+
- | SignatureInfo |
- |+------------------------+|
- || SignatureType: ... ||
- || KeyLocator: ... ||
- || ValidityPeriod: ... ||
- || ... ||
- |+------------------------+|
- +--------------------------+
- | SignatureValue |
- +--------------------------+
-
-.. code-block:: abnf
-
- Certificate = DATA-TYPE TLV-LENGTH
- Name ; /<IdentityName>/KEY/<KeyId>/<IssuerId>/<Version>
- MetaInfo ; ContentType == KEY, FreshnessPeriod required
- CertificateContent
- CertificateSignatureInfo
- SignatureValue
-
- CertificateContent = CONTENT-TYPE TLV-LENGTH SubjectPublicKeyInfo
-
- CertificateSignatureInfo = SIGNATURE-INFO-TYPE TLV-LENGTH
- SignatureType
- KeyLocator
- ValidityPeriod
- *CertificateExtension
-
-
-Name
-----
-
-The name of a certificate consists of five parts as shown below::
-
- /<IdentityName>/KEY/<KeyId>/<IssuerId>/<Version>
-
-A certificate name starts with the name of the identity to which the public key is
-bound. The identity is followed by a literal ``KEY`` GenericNameComponent and by
-the *KeyId*, *IssuerId*, and *Version* components.
-
-*KeyId* is an opaque name component that identifies an instance of the public key in
-the certificate namespace. The value of *KeyId* is controlled by the namespace owner
-and can be an 8-byte random number, the SHA-256 digest of the certificate's public
-key, a timestamp, or any other unique numerical identifier.
-
-*IssuerId* is an opaque name component that identifies the issuer of the certificate.
-The value is controlled by the certificate issuer and, similar to *KeyId*, can be an
-8-byte random number, the SHA-256 digest of the issuer's public key, or any other
-free-form identifier.
-
-*Version* represents the version number of the certificate. This component is encoded
-as a VersionNameComponent, following either revision 1 (marker-based) or revision 3
-(type-based) of the `NDN naming conventions
-<https://named-data.net/publications/techreports/ndn-tr-22-3-ndn-memo-naming-conventions/>`__.
-
-For example::
-
- /edu/ucla/cs/yingdi/KEY/%03%CD...%F1/%9F%D3...%B7/v=1617592200702
- \_________________/ \___________/\___________/\______________/
- Identity Name KeyId IssuerId Version
-
-MetaInfo
---------
-
-The ``ContentType`` must be set to ``KEY`` (2).
-
-The ``FreshnessPeriod`` must be explicitly specified. The recommended value is 3,600,000 (1 hour).
-
-Content
--------
-
-The ``Content`` element of a certificate contains the actual bits of the public key, formatted as
-a DER-encoded `SubjectPublicKeyInfo <https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.7>`__
-structure.
-
-SignatureInfo
--------------
-
-The ``SignatureInfo`` element of a certificate is required to include a ``ValidityPeriod``
-element.
-
-``ValidityPeriod`` contains two TLV sub-elements: ``NotBefore`` and ``NotAfter``, each
-carrying a UTC timestamp in *ISO 8601-1:2019* compact format without the final "Z" character
-("YYYYMMDDThhmmss", e.g., "20201231T235959"). ``NotBefore`` indicates when the certificate
-takes effect while ``NotAfter`` indicates when the certificate expires.
-
-.. code-block:: abnf
-
- ValidityPeriod = VALIDITY-PERIOD-TYPE TLV-LENGTH
- NotBefore
- NotAfter
-
- NotBefore = NOT-BEFORE-TYPE TLV-LENGTH IsoDate "T" IsoTime
-
- NotAfter = NOT-AFTER-TYPE TLV-LENGTH IsoDate "T" IsoTime
-
- IsoDate = 8DIGIT ; YYYYMMDD (UTC)
-
- IsoTime = 6DIGIT ; hhmmss (UTC)
-
-+---------------------------------------------+------------------+-----------------+
-| Type | Assigned number | Assigned number |
-| | (decimal) | (hexadecimal) |
-+=============================================+==================+=================+
-| ValidityPeriod | 253 | 0xFD |
-+---------------------------------------------+------------------+-----------------+
-| NotBefore | 254 | 0xFE |
-+---------------------------------------------+------------------+-----------------+
-| NotAfter | 255 | 0xFF |
-+---------------------------------------------+------------------+-----------------+
-
-Extensions
-----------
-
-A certificate may carry zero or more extension fields in its ``SignatureInfo`` element.
-An extension can be either critical or non-critical depending on its TLV-TYPE number.
-A critical TLV-TYPE means that if a validator cannot recognize or parse the extension,
-the validator must reject the whole certificate. Conversely, an extension with a
-non-critical TLV-TYPE may be ignored by the validator if it is not recognized. Refer to
-the general `evolvability rules
-<https://named-data.net/doc/NDN-packet-spec/current/tlv.html#considerations-for-evolvability-of-tlv-based-encoding>`__
-of the NDN packet format to determine whether a TLV-TYPE is critical or not.
-
-The TLV-TYPE number range [256, 511] is reserved for extensions. The currently defined
-extensions are listed in the table below.
-
-+---------------------------------------------+------------------+-----------------+
-| Type | Assigned number | Assigned number |
-| | (decimal) | (hexadecimal) |
-+=============================================+==================+=================+
-| AdditionalDescription (non-critical) | 258 | 0x102 |
-+---------------------------------------------+------------------+-----------------+
-
-AdditionalDescription
-~~~~~~~~~~~~~~~~~~~~~
-
-``AdditionalDescription`` is a non-critical extension that provides additional
-information about the certificate. The information is expressed as a set of
-key-value pairs. Both key and value are UTF-8 strings, e.g.,
-``("Organization", "UCLA")``. The issuer of a certificate can specify arbitrary
-key-value pairs to provide further details about the certificate.
-
-.. code-block:: abnf
-
- CertificateExtension = AdditionalDescription
-
- AdditionalDescription = ADDITIONAL-DESCRIPTION-TYPE TLV-LENGTH
- 1*DescriptionEntry
-
- DescriptionEntry = DESCRIPTION-ENTRY-TYPE TLV-LENGTH
- DescriptionKey
- DescriptionValue
-
- DescriptionKey = DESCRIPTION-KEY-TYPE TLV-LENGTH 1*OCTET
-
- DescriptionValue = DESCRIPTION-VALUE-TYPE TLV-LENGTH 1*OCTET
-
-+---------------------------------------------+------------------+-----------------+
-| Type | Assigned number | Assigned number |
-| | (decimal) | (hexadecimal) |
-+=============================================+==================+=================+
-| DescriptionEntry | 512 | 0x200 |
-+---------------------------------------------+------------------+-----------------+
-| DescriptionKey | 513 | 0x201 |
-+---------------------------------------------+------------------+-----------------+
-| DescriptionValue | 514 | 0x202 |
-+---------------------------------------------+------------------+-----------------+
diff --git a/docs/specs/safe-bag.rst b/docs/specs/safe-bag.rst
index 04e3c4e..b4ae80a 100644
--- a/docs/specs/safe-bag.rst
+++ b/docs/specs/safe-bag.rst
@@ -1,15 +1,14 @@
SafeBag Format for Exported Credentials
=======================================
-Sometimes it may be necessary to export an identity's credentials (i.e., private key and
-associated certificate) from one machine and import them into another. This requires a
-secure container to carry the sensitive information. We define **SafeBag**, which contains
-an :doc:`NDN certificate </specs/certificate>` and the corresponding private key in encrypted
-form. The private key is formatted as a DER-encoded
-`EncryptedPrivateKeyInfo <https://datatracker.ietf.org/doc/html/rfc5208#section-6>`__
-structure as described in PKCS #8.
+Sometimes it may be necessary to export an identity's credentials (i.e., private key and associated
+certificate) from one machine and import them into another. This requires a secure container to
+carry the sensitive information. For this purpose, we define the **SafeBag** format, which contains
+an `NDN certificate <https://named-data.net/doc/NDN-packet-spec/0.3/certificate.html>`__ and the
+corresponding private key in encrypted form. The private key is formatted as a DER-encoded
+:rfc:`EncryptedPrivateKeyInfo <5208#section-6>` structure as described in PKCS #8.
-The TLV-based format of ``SafeBag`` is defined as follows:
+The TLV encoding of ``SafeBag`` is defined as follows:
.. code-block:: abnf
diff --git a/ndn-cxx/security/additional-description.hpp b/ndn-cxx/security/additional-description.hpp
index ae10987..a30507b 100644
--- a/ndn-cxx/security/additional-description.hpp
+++ b/ndn-cxx/security/additional-description.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,7 +22,6 @@
#ifndef NDN_CXX_SECURITY_ADDITIONAL_DESCRIPTION_HPP
#define NDN_CXX_SECURITY_ADDITIONAL_DESCRIPTION_HPP
-#include "ndn-cxx/detail/common.hpp"
#include "ndn-cxx/encoding/block.hpp"
#include "ndn-cxx/encoding/tlv.hpp"
@@ -34,7 +33,7 @@
/**
* @brief Represents an %AdditionalDescription TLV element.
- * @sa <a href="../specs/certificate.html">NDN Certificate Format</a>
+ * @sa https://named-data.net/doc/NDN-packet-spec/0.3/certificate.html
*/
class AdditionalDescription
{
@@ -45,8 +44,8 @@
using tlv::Error::Error;
};
- typedef std::map<std::string, std::string>::iterator iterator;
- typedef std::map<std::string, std::string>::const_iterator const_iterator;
+ using iterator = std::map<std::string, std::string>::iterator;
+ using const_iterator = std::map<std::string, std::string>::const_iterator;
public:
/**
diff --git a/ndn-cxx/security/certificate.hpp b/ndn-cxx/security/certificate.hpp
index 16b2c17..7ab4ee1 100644
--- a/ndn-cxx/security/certificate.hpp
+++ b/ndn-cxx/security/certificate.hpp
@@ -32,7 +32,7 @@
inline namespace v2 {
/**
- * @brief Represents an NDN certificate following the version 2.0 format.
+ * @brief Represents an NDN certificate.
*
* Example of an NDN certificate name:
* @code{.unparsed}
@@ -54,7 +54,7 @@
* - `Key %Name` is the logical name of the key used for management purposes. The key name
* includes the identity name, the keyword `KEY`, and the `KeyId` component.
*
- * @sa <a href="../specs/certificate.html">Certificate Format</a>
+ * @sa https://named-data.net/doc/NDN-packet-spec/0.3/certificate.html
*/
class Certificate : public Data
{
diff --git a/ndn-cxx/security/validity-period.hpp b/ndn-cxx/security/validity-period.hpp
index 447daf4..518c952 100644
--- a/ndn-cxx/security/validity-period.hpp
+++ b/ndn-cxx/security/validity-period.hpp
@@ -22,9 +22,8 @@
#ifndef NDN_CXX_SECURITY_VALIDITY_PERIOD_HPP
#define NDN_CXX_SECURITY_VALIDITY_PERIOD_HPP
-#include "ndn-cxx/detail/common.hpp"
-#include "ndn-cxx/encoding/tlv.hpp"
#include "ndn-cxx/encoding/block.hpp"
+#include "ndn-cxx/encoding/tlv.hpp"
#include "ndn-cxx/util/time.hpp"
namespace ndn {
@@ -32,7 +31,7 @@
/**
* @brief Represents a %ValidityPeriod TLV element.
- * @sa <a href="../specs/certificate.html">NDN Certificate Format</a>
+ * @sa https://named-data.net/doc/NDN-packet-spec/0.3/certificate.html
*/
class ValidityPeriod
{