[Ndn-interest] [Question] What's the purpose of the NFD's default signing key?

Lei Pi (lpi) lpi at memphis.edu
Wed Feb 22 21:11:37 PST 2017


Thank you.

----
Regards,
Lei

On Feb 22, 2017, 11:09 PM -0600, Lan Wang (lanwang) <lanwang at memphis.edu>, wrote:
Lei,

Just realized that the application development guide you are referring to was written in 2014 by Jeff Thompson and it is for NDN-CCL.  I suggest confirming with Jeff that this is up to date and if so clarify your questions with him first.

Lan

On Feb 22, 2017, at 10:53 PM, Lei Pi (lpi) <lpi at memphis.edu<mailto:lpi at memphis.edu>> wrote:

Hi Dr. Wang,

How do you know "the recipient
​should
 check if the interest's signing key is finally signed by an
​administrator's
 signing key in order to reject unauthorized commands
​.​“?  What checking is needed depends on the trust model.  What’s the trust model here?
Under specific scenarios whether the recipient should do the checking is up to the designer’s decision. I’m possibly wrong, but NFD is making decision for the recipients about which signing key the command interest is signed with should be trusted. Why isn’t that limiting the possibilities of designs? And why is that necessary?


So what's the purpose of the NFD's default signing key? Why should the app use this key
​ to initialize its identity​
? Note the NFD's default signing key is not signed by anyone
​[2].​

The line you are referring to doesn’t seem to be relevant to "the NFD's default signing key is not signed by anyone
​“.
The line is generating a new key and that key looks like a self-signed key or unsigned key. I believe this is what the article I was citing means. My question about this is in the next line.


If it is also
​ for
 defend
​ing​
against unauthorized command interests, then any local app, including possible malwares, can also use this key to sign their interest by simply using the default keychain.

The assumption is that local apps are trusted if they are allowed to run.  There needs to be checking before they are launched.  The secure launcher part is not implemented (or designed) yet.
Then is it right to say that unless the secure launcher is a fully automatic one which makes no mistakes, the user will be involved in deciding trusted apps instead of the protocol or the service providers?

I understand now it can be used to by default deny forwarding all remote command interests.

Thank you.


Lan

If not, what other purpose could it be?


​[1] https://redmine.named-data.net/projects/application-development-documentation-guides/wiki/Using_Client_Libraries_with_NDNx_vs_NDNx-TLV_vs_NFD#Using-registerPrefix-with-NFD
​[2] https://github.com/named-data/NFD/blob/master/tools/nfd-start.sh#L42 ​

​

Thank you. ​
--
Regards,
Lei
​Pi
University of Memphis​
_______________________________________________
Ndn-interest mailing list
Ndn-interest at lists.cs.ucla.edu<mailto:Ndn-interest at lists.cs.ucla.edu>
http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20170223/bc574eee/attachment.html>


More information about the Ndn-interest mailing list