[Ndn-interest] Adding HMAC to available NDN signature types

Junxiao Shi shijunxiao at email.arizona.edu
Tue Sep 23 08:47:32 PDT 2014


Dear folks

It appears to me that HMAC, as a signing algorithm that requires a
symmetric key, is suitable only for realtime applications with a small
number of mutually trusted participants.
The reasons are:

   - Participants must be mutually trusted, because any participant who
   wants to verify Data must know the symmetric key, and knowing the symmetric
   key allows a participant to sign Data as well.
   - Verifying old Data requires knowing the symmetric key. However, it's
   impossible to establish mutual trust when the participant who generated the
   Data is gone. Thus HMAC is suitable for realtime applications only, where
   all participants are still alive.


To use HMAC signing, we must first use existing pubkey signing methods to
establish mutual trust between participants, and negotiate a symmetric key.
This key should also be rotated periodically.
The mechanism for key management should be designed, in order for HMAC
signing to be useful.

Yours, Junxiao
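
The two properties described in the message above (anyone who holds the symmetric key can sign as well as verify, and old Data cannot be verified once the key is gone) are shown in the following added example, which is not part of the original post. `GroupKeyring`, the `key_id` rotation epoch, the length-prefixed `encode` and the `/chat/...` names are assumptions made for illustration; this is not the NDN wire format or any NDN library's API.

```python
import copy
import hashlib
import hmac
import os


def encode(name: str, content: bytes, key_id: int) -> bytes:
    n = name.encode()
    # Simplified length-prefixed encoding of the signed fields (assumption, not NDN TLV).
    return key_id.to_bytes(4, "big") + len(n).to_bytes(4, "big") + n + content


class GroupKeyring:
    """Symmetric keys held by every participant, indexed by rotation epoch (key_id)."""

    def __init__(self):
        self.keys, self.current = {}, 0

    def rotate(self, new_key: bytes, retain_old: bool = True) -> None:
        if not retain_old:
            self.keys.clear()
        self.current += 1
        self.keys[self.current] = new_key

    def sign(self, name: str, content: bytes):
        key = self.keys[self.current]
        tag = hmac.new(key, encode(name, content, self.current), hashlib.sha256).digest()
        return self.current, tag

    def verify(self, name: str, content: bytes, key_id: int, tag: bytes) -> bool:
        key = self.keys.get(key_id)
        if key is None:  # key rotated away: old Data is unverifiable
            return False
        expected = hmac.new(key, encode(name, content, key_id), hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def demo() -> dict:
    alice = GroupKeyring()
    alice.rotate(os.urandom(32))  # constructed key; negotiation is out of scope
    bob = copy.deepcopy(alice)    # Bob needs the same key in order to verify
    kid, tag = alice.sign("/chat/alice/1", b"hello")
    kid2, tag2 = bob.sign("/chat/alice/2", b"written by bob")  # a verifier can sign too
    results = {
        "bob_verifies_alice": bob.verify("/chat/alice/1", b"hello", kid, tag),
        "alice_accepts_bob_tag": alice.verify("/chat/alice/2", b"written by bob", kid2, tag2),
    }
    bob.rotate(os.urandom(32), retain_old=False)  # old key discarded on rotation
    results["old_data_verifiable"] = bob.verify("/chat/alice/1", b"hello", kid, tag)
    return results
```

A valid tag here proves only that the signer held the group key, not which participant produced the Data, so attribution to a single producer still needs a public-key signature.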