[Ndn-interest] running problems about nlsr
Vince Lehman (vslehman)
vslehman at memphis.edu
Mon Mar 2 09:40:37 PST 2015
Junxiao,
If I set "any" trust anchor, do I still need to create the certificates?
No, you would not need to create the certificates.
Will the router create certificates automatically?
If certificates are created automatically but I later revert the trust anchor setting, I'll need to delete those untrusted certificates, correct?
The router will not automatically create certificates so you will not need to remove untrusted certificates when changing the trust anchor settings.
--
Vince Lehman
On Mar 2, 2015, at 10:07 AM, Junxiao Shi <shijunxiao at email.arizona.edu<mailto:shijunxiao at email.arizona.edu>> wrote:
Hi Vince
If I set "any" trust anchor, do I still need to create the certificates?
Will the router create certificates automatically?
If certificates are created automatically but I later revert the trust anchor setting, I'll need to delete those untrusted certificates, correct?
Yours, Junxiao
On Mar 2, 2015 9:03 AM, "Vince Lehman (vslehman)" <vslehman at memphis.edu<mailto:vslehman at memphis.edu>> wrote:
Hi Shuo,
If you would like to make sure that security is the issue, you can disable security by commenting out the below lines and changing the type to “any":
...
trust-anchor
{
type any
;file-name "root.cert"
}
...
;cert-to-publish "router.cert" ; required, a file containing the router certificate.
It is important though that you leave the rest of the security section unmodified.
--
Vince Lehman
On Mar 2, 2015, at 2:02 AM, Junxiao Shi <shijunxiao at email.arizona.edu<mailto:shijunxiao at email.arizona.edu>> wrote:
Hi Shuo
I don't know whether that's possible, but this is a bad idea in any production deployment.
Yours, Junxiao
On Mar 2, 2015 12:44 AM, "Shuo Chen" <chenatu2006 at gmail.com<mailto:chenatu2006 at gmail.com>> wrote:
Can I temporarily turn off the security function by adding the config below?
security
{
validator
{
trust-anchor {
type any
}
}
}
On Mon, Mar 2, 2015 at 3:30 PM, Junxiao Shi <shijunxiao at email.arizona.edu<mailto:shijunxiao at email.arizona.edu>> wrote:
Hi Shuo
Follow this manual to create certificates.
http://named-data.net/doc/NLSR/current/SECURITY-CONFIG.html
It's critical to get the certificate chain right. This thread has some command lines:
http://www.lists.cs.ucla.edu/pipermail/nfd-dev/2014-November/000616.html
Yours, Junxiao
On Mar 2, 2015 12:24 AM, "Shuo Chen" <chenatu2006 at gmail.com<mailto:chenatu2006 at gmail.com>> wrote:
>
> I did not create any certificates.
_______________________________________________
Ndn-interest mailing list
Ndn-interest at lists.cs.ucla.edu<mailto:Ndn-interest at lists.cs.ucla.edu>
http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
_______________________________________________
Ndn-interest mailing list
Ndn-interest at lists.cs.ucla.edu<mailto:Ndn-interest at lists.cs.ucla.edu>
http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20150302/d5c4d317/attachment.html>
More information about the Ndn-interest
mailing list