Co-authored-by: xiuting.xu <xiutingxt.xu@gmail.com> Reviewed-on: #1 Reviewed-by: yuyr <yuyr@zgclab.edu.cn> Co-authored-by: xuxt <xuxt@zgclab.edu.cn> Co-committed-by: xuxt <xuxt@zgclab.edu.cn>
01. Trust Anchor Locator (TAL)
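1.1 Role of the Object
A TAL is a data format/configuration file that tells the relying party (RP) what the trust anchor's public key is and where the related objects can be retrieved.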
1.2 Data Format (RFC 8630 §2.2)
A TAL is a configuration file; its format is defined as follows:
The TAL is an ordered sequence of:
1. an optional comment section consisting of one or more lines each starting with the "#" character, followed by human-readable informational UTF-8 text, conforming to the restrictions defined in Section 2 of [RFC5198], and ending with a line break,
2. a URI section that is comprised of one or more ordered lines, each containing a TA URI, and ending with a line break,
3. a line break, and
4. a subjectPublicKeyInfo [RFC5280] in DER format [X.509], encoded in base64 (see Section 4 of [RFC4648]). To avoid long lines, line breaks MAY be inserted into the base64-encoded string.
Note that line breaks in this file can use either "<CRLF>" or "<LF>".
1.3 Abstract Data Model
1.3.1 TAL
| Field | Type | Semantics | Constraints / parsing rules | RFC reference |
|---|---|---|---|---|
| uris | Vec | List of URIs pointing to the TA | The rsync and https protocols are allowed. | RFC 8630 §2.1 |
| comment | Vec | Comment (optional) | | RFC 8630 §2.2 |
| spki_der | Vec | Raw subjectPublicKeyInfo | X.509 SubjectPublicKeyInfo, DER-encoded and then base64-encoded | RFC 8630 §2.2 |
1.3.2 TalUri
| Field | Type | Semantics | Constraints / parsing rules | RFC reference |
|---|---|---|---|---|
| Rsync | String | rsync address | | RFC 8630 §2.1 |
| Https | String | https address | | RFC 8630 §2.1 |
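
An added example (not code from this project): a minimal Rust parser that reads the format in 1.2 into the model in 1.3, accepting both LF and CRLF line endings and a wrapped base64 key. The element types `Vec<String>`, `Vec<TalUri>` and `Vec<u8>`, the function names and the sample TAL are assumptions; the sample key is a constructed placeholder, not a real SubjectPublicKeyInfo.

```rust
// Added example. Field names follow section 1.3; Vec element types are assumed.
#[derive(Debug, PartialEq)]
pub enum TalUri { Rsync(String), Https(String) }

#[derive(Debug, PartialEq)]
pub struct Tal { pub comment: Vec<String>, pub uris: Vec<TalUri>, pub spki_der: Vec<u8> }

// Constructed sample with CRLF endings; the key is a 5-byte placeholder, not a real SPKI.
pub const SAMPLE: &str = "# constructed example\r\nhttps://ta.example/ta.cer\r\nrsync://ta.example/repo/ta.cer\r\n\r\nMAMC\r\nAQU=\r\n";

/// Decode standard base64 (RFC 4648 section 4); whitespace must already be removed.
fn b64_decode(s: &str) -> Result<Vec<u8>, String> {
    const A: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let body = s.trim_end_matches('=');
    if s.len() % 4 != 0 || s.len() - body.len() > 2 { return Err("bad base64 padding".into()); }
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in body.bytes() {
        let v = A.iter().position(|&a| a == c).ok_or("bad base64 character")? as u32;
        acc = (acc << 6) | v;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); acc &= (1 << bits) - 1; }
    }
    Ok(out)
}

/// Parse a TAL in the section order of RFC 8630 section 2.2.
pub fn parse_tal(text: &str) -> Result<Tal, String> {
    let mut lines = text.lines().peekable(); // lines() splits on both LF and CRLF
    let mut tal = Tal { comment: vec![], uris: vec![], spki_der: vec![] };
    // 1. Optional comment section: leading lines that start with '#'.
    while let Some(l) = lines.next_if(|l| l.starts_with('#')) { tal.comment.push(l[1..].trim().to_string()); }
    // 2. URI section, ended by 3. an empty line.
    loop {
        let l = lines.next().ok_or("no empty line after the URI section")?;
        if l.is_empty() { break; }
        if l.starts_with("rsync://") { tal.uris.push(TalUri::Rsync(l.to_string())); }
        else if l.starts_with("https://") { tal.uris.push(TalUri::Https(l.to_string())); }
        else { return Err(format!("unsupported TA URI: {}", l)); }
    }
    if tal.uris.is_empty() { return Err("URI section is empty".into()); }
    // 4. Base64 subjectPublicKeyInfo; line breaks inside it are allowed.
    let b64: String = lines.flat_map(|l| l.chars()).filter(|c| !c.is_whitespace()).collect();
    tal.spki_der = b64_decode(&b64)?;
    // SubjectPublicKeyInfo is a DER SEQUENCE, so the first byte must be 0x30.
    if tal.spki_der.first() != Some(&0x30) { return Err("key is not a DER SEQUENCE".into()); }
    Ok(tal)
}

fn main() { println!("{:?}", parse_tal(SAMPLE)); }
```

The 0x30 check is only a sanity test on the outer DER tag; a relying party still has to compare this key with the one in the retrieved TA certificate.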