On 03/14/2011 05:43 PM, Cullen Jennings wrote:
>
> There are a few things that did not get fixed in the -13 draft. Some due to
> just not sure how to fix them yet and some due to lack of time. The remaining
> open items are

[...]

>> A.47. Section 6.3
>>
>> The four policies defined in p2psip-base consistently say that "[a] given
>> value MUST be written (or overwritten) if and only if the request is signed
>> ..." Additional access control policies defined elsewhere use similar
>> wording.
>>
>> But should not the StoredData signature be used instead of the request
>> signature? When replicating the data, the signer of the StoreRequest will
>> be different from the signer of the original request and so the test will
>> no longer work. Section 6.4.1.1 says that "[a] peer MUST [check that]
>> [e]ach element is signed by a credential which is authorized to write this
>> kind at this Resource-ID.", which seems to confirm that this is the
>> element's signature that must be checked, not the request's.
>
> So the element's sig needs to be checked for sure. The question is should the
> request sig also be checked before that. Unless we can say how to check it,
> seems like a bad idea. Proposal: remove this or clarify.

Well, both need to be verified, the request when it is received and the element just before being inserted in the storage. When a peer receives a Store request because of replication, it will receive a Store request that will probably have a different SignerIdentity for the request and for the elements to store.

So my proposal is this:

Section 6.3.1:

" In the USER-MATCH policy, a given value MUST be written (or overwritten) if and only if the value is signed with a key associated with a certificate whose user name hashes (using the hash function for the overlay) to the Resource-ID for the resource. Recall that the certificate may, depending on the overlay configuration, be self-signed."

Section 6.3.2:

" In the NODE-MATCH policy, a given value MUST be written (or overwritten) if and only if the value is signed with a key associated with a certificate whose Node-ID hashes (using the hash function for the overlay) to the Resource-ID for the resource."

Section 6.3.3:

" The USER-NODE-MATCH policy may only be used with dictionary types. In the USER-NODE-MATCH policy, a given value MUST be written (or overwritten) if and only if the value is signed with a key associated with a certificate whose user name hashes (using the hash function for the overlay) to the Resource-ID for the resource. In addition, the dictionary key MUST be equal to the Node-ID in the certificate."

Section 6.3.4:

" In the NODE-MULTIPLE policy, a given value MUST be written (or overwritten) if and only if the value is signed with a key associated with a certificate containing a Node-ID such that H(Node-ID || i) is equal to the Resource-ID for some small integer value of i. When this policy is in use, the maximum value of i MUST be specified in the kind definition."

-- 
Marc Petit-Huguenin
Personal email: [email protected]
Professional email: [email protected]
Blog: http://blog.marc.petit-huguenin.org

_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
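
The difference between the two wordings discussed in this message, as an added Python example that is not part of the original e-mail or of the draft: the four policies are evaluated once against each value's own signer and once against the Store request's signer, so the replication case can be compared. The `Cert` and `Value` classes, the SHA-1/128-bit overlay hash, the single-byte encoding of `i`, its 1..max_i range and the sample identities are assumptions, and signature verification itself is assumed to have already succeeded.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def H(data: bytes) -> bytes:
    """Overlay hash. Assumption: SHA-1 truncated to 128 bits."""
    return hashlib.sha1(data).digest()[:16]

@dataclass(frozen=True)
class Cert:                      # hypothetical stand-in for a verified certificate
    user_name: bytes
    node_id: bytes

@dataclass(frozen=True)
class Value:                     # hypothetical stand-in for one stored element
    signer: Cert                 # signature over the value assumed already verified
    dict_key: Optional[bytes] = None

def authorized(policy: str, resource_id: bytes, signer: Cert,
               dict_key: Optional[bytes] = None, max_i: int = 0) -> bool:
    """Apply one of the four policies to a single signer identity."""
    if policy == "USER-MATCH":
        return H(signer.user_name) == resource_id
    if policy == "NODE-MATCH":
        return H(signer.node_id) == resource_id
    if policy == "USER-NODE-MATCH":
        return H(signer.user_name) == resource_id and dict_key == signer.node_id
    if policy == "NODE-MULTIPLE":
        # Assumption: i runs 1..max_i and is appended as a single byte.
        return any(H(signer.node_id + bytes([i])) == resource_id
                   for i in range(1, max_i + 1))
    return False                 # unknown policy: refuse the write

def accept_by_value_signer(policy, resource_id, request_signer, values, max_i=0):
    """Proposed wording: the policy is evaluated on each value's own signer."""
    return all(authorized(policy, resource_id, v.signer, v.dict_key, max_i)
               for v in values)

def accept_by_request_signer(policy, resource_id, request_signer, values, max_i=0):
    """Earlier wording: the policy is evaluated on the Store request's signer."""
    return all(authorized(policy, resource_id, request_signer, v.dict_key, max_i)
               for v in values)

# Constructed sample identities (not from the draft).
ALICE = Cert(b"alice@example.org", bytes(range(16)))
REPLICA_PEER = Cert(b"peer@example.org", bytes(range(16, 32)))
ALICE_RESOURCE = H(ALICE.user_name)
```

With a replicated Store (request signed by `REPLICA_PEER`, value signed by `ALICE`), `accept_by_value_signer` accepts the write at `ALICE_RESOURCE` while `accept_by_request_signer` rejects it; a value signed by `REPLICA_PEER` is rejected by the value-signer check regardless of who signed the request.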
