Currently, KeyLocator in Interest/Data signature carries the key name only.
When there are multiple certificates issued to the same key, including when the certificate has been renewed on the same key, the validator may be retrieving an unexpected certificate.
This issue is to put the certificate name into KeyLocator during signing, so that the validator can retrieve the certificate without additional configuration.
yoursunny
commented
4 years ago
Currently, KeyLocator in Interest/Data signature carries the key name only. When there are multiple certificates issued to the same key, including when the certificate has been renewed on the same key, the validator may be retrieving an unexpected certificate.
This issue is to put the certificate name into KeyLocator during signing, so that the validator can retrieve the certificate without additional configuration.