Co-authored-by: xiuting.xu <xiutingxt.xu@gmail.com> Reviewed-on: #1 Reviewed-by: yuyr <yuyr@zgclab.edu.cn> Co-authored-by: xuxt <xuxt@zgclab.edu.cn> Co-committed-by: xuxt <xuxt@zgclab.edu.cn>
# 01. Trust Anchor Locator (TAL)

## 1.1 Role of the object

The TAL is a data format / configuration file whose purpose is to tell the relying party (RP) what the trust anchor's public key is and where the related objects can be fetched from.

## 1.2 Data format (RFC 8630 §2.2)

The TAL is a configuration file whose format is defined as follows:

```
The TAL is an ordered sequence of:

1. an optional comment section consisting of one or more lines each starting with the "#" character, followed by human-readable informational UTF-8 text, conforming to the restrictions defined in Section 2 of [RFC5198], and ending with a line break,

2. a URI section that is comprised of one or more ordered lines, each containing a TA URI, and ending with a line break,

3. a line break, and

4. a subjectPublicKeyInfo [RFC5280] in DER format [X.509], encoded in base64 (see Section 4 of [RFC4648]). To avoid long lines, line breaks MAY be inserted into the base64-encoded string.

Note that line breaks in this file can use either "<CRLF>" or "<LF>".
```

## 1.3 Abstract data model

### 1.3.1 TAL

| Field | Type | Meaning | Constraints / parsing rules | RFC reference |
|----------|-------------|-------------------------|--------------------------------------------|---------------|
| uris | Vec<TalUri> | List of URIs pointing at the TA | The rsync and https schemes are allowed. | RFC 8630 §2.1 |
| comment | Vec<String> | Comment (optional) | | RFC 8630 §2.2 |
| spki_der | Vec<u8> | Raw subjectPublicKeyInfo | X.509 SubjectPublicKeyInfo in DER encoding, carried base64-encoded in the file | RFC 8630 §2.2 |

### 1.3.2 TalUri

| Field | Type | Meaning | Constraints / parsing rules | RFC reference |
|-------|--------|---------|---------|---------------|
| Rsync | String | rsync address | | RFC 8630 §2.1 |
| Https | String | https address | | RFC 8630 §2.1 |
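The following is an added example, not code from this project: a minimal parser that reads the three-section layout of 1.2 and fills the `Tal` / `TalUri` model of 1.3. Field and variant names follow the tables above; the function names `parse_tal`, `base64_decode` and `is_der_sequence`, the `TalError` variants, the host `rpki.example.invalid` and the sample key are all assumptions of this example. The sample key is a constructed 22-byte DER SEQUENCE shaped like an SPKI, not a real trust anchor key. It uses only the standard library, so base64 decoding is written out by hand.

```rust
// Added example (not the project's code): a minimal parser for the TAL layout of 1.2 that
// yields the Tal / TalUri model of 1.3. Standard library only, so base64 is hand-rolled.
#[derive(Debug, PartialEq)]
pub enum TalUri {
    Rsync(String),
    Https(String),
}
#[derive(Debug, PartialEq)]
pub struct Tal {
    pub comment: Vec<String>,
    pub uris: Vec<TalUri>,
    pub spki_der: Vec<u8>,
}
#[derive(Debug, PartialEq)]
pub enum TalError {
    BadUriScheme(String), // only rsync:// and https:// are accepted (table 1.3.1)
    NoUris,               // the URI section must hold at least one line
    MissingSeparator,     // no blank line between the URIs and the key
    BadBase64,
    NotDerSequence,
}
/// Constructed sample: placeholder host; the "key" is a 22-byte SPKI-shaped DER SEQUENCE, not a real key.
pub const SAMPLE_TAL: &str = "\
# constructed sample, not a real trust anchor
https://rpki.example.invalid/ta/ta.cer
rsync://rpki.example.invalid/ta/ta.cer

MBQwDQYJKoZIhvcN
AQEBBQADAwCrzQ==
";
fn parse_uri(line: &str) -> Result<TalUri, TalError> {
    let line = line.trim().to_string();
    if line.starts_with("rsync://") {
        Ok(TalUri::Rsync(line))
    } else if line.starts_with("https://") {
        Ok(TalUri::Https(line))
    } else {
        Err(TalError::BadUriScheme(line))
    }
}

/// RFC 4648 section 4 base64; whitespace is skipped so the key may be wrapped across lines.
pub fn base64_decode(s: &str) -> Option<Vec<u8>> {
    let mut out = Vec::new();
    let (mut acc, mut bits, mut padded) = (0u32, 0u32, false);
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'+' => 62,
            b'/' => 63,
            b'=' => { padded = true; continue; }
            b'\r' | b'\n' | b' ' | b'\t' => continue,
            _ => return None,
        };
        if padded { return None; } // data after '=' padding is malformed
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1; // keep only the leftover bits
        }
    }
    Some(out)
}

/// Sanity check only: one DER SEQUENCE whose encoded length covers the whole buffer.
fn is_der_sequence(der: &[u8]) -> bool {
    match der {
        [0x30, l, ..] if *l < 0x80 => der.len() == 2 + usize::from(*l),
        [0x30, 0x81, l, ..] => der.len() == 3 + usize::from(*l),
        [0x30, 0x82, h, l, ..] => der.len() == 4 + ((usize::from(*h) << 8) | usize::from(*l)),
        _ => false,
    }
}

/// Walk the sections of 1.2: optional '#' comments, one or more URIs, a blank line, then the base64 key.
pub fn parse_tal(text: &str) -> Result<Tal, TalError> {
    let (mut comment, mut uris) = (Vec::<String>::new(), Vec::<TalUri>::new());
    let (mut b64, mut in_key) = (String::new(), false);
    for line in text.lines() { // str::lines() accepts both <LF> and <CRLF>
        if in_key {
            b64.push_str(line.trim());
        } else if uris.is_empty() && line.starts_with('#') {
            comment.push(line[1..].trim().to_string());
        } else if line.trim().is_empty() {
            if uris.is_empty() { return Err(TalError::NoUris); }
            in_key = true;
        } else {
            uris.push(parse_uri(line)?);
        }
    }
    if !in_key { return Err(TalError::MissingSeparator); }
    let spki_der = base64_decode(&b64).ok_or(TalError::BadBase64)?;
    if !is_der_sequence(&spki_der) { return Err(TalError::NotDerSequence); }
    Ok(Tal { comment, uris, spki_der })
}
```

Calling `parse_tal(SAMPLE_TAL)` returns the two URIs in file order (the order is significant per RFC 8630 §2.1, so it is preserved rather than sorted) and the decoded 22-byte key. Three design points matter for an RP: unknown URI schemes are rejected at parse time rather than passed on to a fetcher; the base64 decoder refuses data after `=` padding instead of silently dropping it; and the decoded bytes are checked to be exactly one DER SEQUENCE before being handed to the X.509 layer, which is where full SubjectPublicKeyInfo parsing belongs.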