You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The TsigMiddlewareSvc implemented by PR #380 does not implement this soft requirement of RFC 8945:
The server SHOULD also cache the most recent Time Signed value in a message generated by a key and SHOULD return BADTIME if a message received later has an earlier Time Signed value.
This could be done by storing the keys in a map with the last time signed value, but a few things are not clear:
The underlying tsig::Key type does not impl PartialEq or Eq nor does the underlying ring::hmac::Key type. How does one compare keys then? By name and algorithm type?
How long should the keys be kept in the map for? Should a Weak<Key> be stored and removed when no longer referenced by any KeyStore for example?
Is it enough to compare keys or should the request also come from the same sender as the last message time signed value being compared against? Are there any other requirements?
Ximon
The text was updated successfully, but these errors were encountered:
The
TsigMiddlewareSvcimplemented by PR #380 does not implement this soft requirement of RFC 8945:This could be done by storing the keys in a map with the last time signed value, but a few things are not clear:
tsig::Keytype does not implPartialEqorEqnor does the underlyingring::hmac::Keytype. How does one compare keys then? By name and algorithm type?Weak<Key>be stored and removed when no longer referenced by anyKeyStorefor example?Ximon
The text was updated successfully, but these errors were encountered: