Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TrustStore: Ensure referenced TRC is available #3629

Merged
merged 2 commits into from
Feb 10, 2020
Merged

TrustStore: Ensure referenced TRC is available #3629

merged 2 commits into from
Feb 10, 2020

Conversation

oncilla
Copy link
Contributor

@oncilla oncilla commented Jan 21, 2020
edited by kormat
Loading

When verifying a signature, the verifier now makes sure to have the
referenced TRC available locally.

This is one mechanism how TRC updates are disseminated.

This change is Reviewable

@oncilla oncilla requested a review from karampok January 21, 2020 14:15
karampok
karampok suggested changes Jan 21, 2020
View reviewed changes
Copy link
Contributor

@karampok karampok left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 2 files reviewed, 2 unresolved discussions (waiting on @karampok and @oncilla)

a discussion (no related file):

This is one mechanism how TRC updates are disseminated.
what does it mean?

go/lib/infra/modules/trust/verifier.go, line 114 at r1 (raw file):

		AllowInactive:  true,
	}
	if _, err := v.Store.GetTRC(ctx, TRCID{ISD: src.IA.I, Version: src.TRCVer}, tOpts); err != nil {

I find this not very intuitive:
you run a function that will load the correct TRC in the db (is it a blocking operation?)
then you ran another function that will do something (no idea if TRC is being used).

So I would like to see how trc, trcVer,asCert is connected to the verification process.
Something like this

...
trc, err := v.Store.GetTRC()

as, err:= getAS()

if !valid(trc, as){
 return error
}
...

alternatively you could put the getTRC call when you actually try to get and use the TRC (inside GetASKey)

@oncilla oncilla force-pushed the pub-trust-trc-local branch from 066152f to eff8fcb Compare January 27, 2020 12:28
oncilla
oncilla commented Jan 31, 2020
View reviewed changes
Copy link
Contributor Author

@oncilla oncilla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 5 of 5 files at r2.
Dismissed @karampok from a discussion.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @karampok)

go/lib/infra/modules/trust/verifier.go, line 114 at r1 (raw file):

Previously, karampok (Konstantinos) wrote…

I find this not very intuitive:
you run a function that will load the correct TRC in the db (is it a blocking operation?)
then you ran another function that will do something (no idea if TRC is being used).

So I would like to see how trc, trcVer,asCert is connected to the verification process.
Something like this

...
trc, err := v.Store.GetTRC()

as, err:= getAS()

if !valid(trc, as){
 return error
}
...

alternatively you could put the getTRC call when you actually try to get and use the TRC (inside GetASKey)

The issuer here is that the source contains two kinds of information,

oncilla
oncilla commented Jan 31, 2020
View reviewed changes
Copy link
Contributor Author

@oncilla oncilla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dismissed @karampok from a discussion.
Reviewable status: all files reviewed, 1 unresolved discussion

@oncilla
TrustStore: Ensure referenced TRC is available
1e8361d 
When verifying a signature, the verifier now makes sure to have the
referenced TRC available locally.

This is one mechanism how TRC updates are disseminated.
@oncilla
feedback
15ad30d
@oncilla oncilla force-pushed the pub-trust-trc-local branch from eff8fcb to 15ad30d Compare February 10, 2020 13:59
@oncilla oncilla merged commit 0866705 into scionproto:master Feb 10, 2020
@oncilla oncilla deleted the pub-trust-trc-local branch February 10, 2020 14:30
stygerma pushed a commit to stygerma/scion that referenced this pull request Mar 26, 2020
@oncilla @stygerma
TrustStore: Ensure referenced TRC is available (scionproto#3629)
f396573 
When verifying a signature, the verifier now makes sure to have the
referenced TRC available locally.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@karampok karampok karampok requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@oncilla @karampok