Blame - validator.conf.sample.in - ndns

blob: 4bc401f8d91d49292511b49db0eff913fcc172a8 [file] [log] [blame]

Shock Jiang	0b165f4	2014-10-24 09:08:09 -0700	[diff] [blame]	1	rule
				2	{
Yumin Xia	2c509c2	2017-02-09 14:37:36 -0800	[diff] [blame]	3	id "NDNS KEY signing rule"
Shock Jiang	0b165f4	2014-10-24 09:08:09 -0700	[diff] [blame]	4	for data
Yumin Xia	2c509c2	2017-02-09 14:37:36 -0800	[diff] [blame]	5	filter
				6	{
				7	type name
				8	regex ^([^<NDNS>]*)<NDNS><KEY><><><>$
				9	}
Shock Jiang	0b165f4	2014-10-24 09:08:09 -0700	[diff] [blame]	10	checker
				11	{
				12	type customized
Yumin Xia	2c509c2	2017-02-09 14:37:36 -0800	[diff] [blame]	13	sig-type ecdsa-sha256
Shock Jiang	0b165f4	2014-10-24 09:08:09 -0700	[diff] [blame]	14	key-locator
				15	{
				16	type name
				17	hyper-relation
				18	{
Yumin Xia	2c509c2	2017-02-09 14:37:36 -0800	[diff] [blame]	19	k-regex ^([^<NDNS>])<NDNS>(<>)<KEY><>$
Shock Jiang	0b165f4	2014-10-24 09:08:09 -0700	[diff] [blame]	20	k-expand \\1\\2
Yumin Xia	2c509c2	2017-02-09 14:37:36 -0800	[diff] [blame]	21	h-relation is-prefix-of ; ksk should be signed by dkey in parent zone
				22	p-regex ^([^<NDNS>]*)<NDNS><KEY><><><>$
				23	p-expand \\1
Shock Jiang	0b165f4	2014-10-24 09:08:09 -0700	[diff] [blame]	24	}
Yumin Xia	2c509c2	2017-02-09 14:37:36 -0800	[diff] [blame]	25	; example1:
				26	; data: /ndn/ndnsim/NDNS/KEY/ksk-1/CERT/123
				27	; k-locator: /ndn/NDNS/ndnsim/KEY/dkey-1
				28	; example2:
				29	; data: /ndn/ndnsim/NDNS/KEY/dsk-1/CERT/123
				30	; k-locator: /ndn/ndnsim/NDNS/KEY/ksk-1
				31	}
				32	}
				33	}
				34
				35	rule
				36	{
				37	id "NDNS data signing rule"
				38	for data
				39	filter
				40	{
				41	type name
				42	regex ^([^<NDNS>])<NDNS>(<>)<><>$
				43	}
				44	checker
				45	{
				46	type customized
				47	sig-type ecdsa-sha256
				48	key-locator
				49	{
				50	type name
				51	hyper-relation
				52	{
				53	k-regex ^([^<NDNS>]*)<NDNS><KEY><>$
				54	k-expand \\1
				55	h-relation equal; data should be signed by dsk
				56	p-regex ^([^<NDNS>])<NDNS>(<>)<><>$
				57	p-expand \\1
				58	}
				59	; example:
				60	; data: /ndn/ndnsim/NDNS/NS/CERT/123
				61	; k-locator: /ndn/ndnsim/NDNS/KEY/dsk-1
Shock Jiang	0b165f4	2014-10-24 09:08:09 -0700	[diff] [blame]	62	}
				63	}
				64	}
				65
				66	trust-anchor
				67	{
				68	type file
				69	file-name @ANCHORPATH@
				70	}