<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Lei,
<div class=""><br class="">
</div>
<div class="">Alex would be a better person to explain this. My questions about your questions below:</div>
<div class=""><br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Feb 21, 2017, at 12:55 PM, Lei Pi <<a href="mailto:lpi@memphis.edu" class="">lpi@memphis.edu</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div dir="ltr" class="">
<div class="gmail_default" style="font-family:verdana,sans-serif">Hi, <br class="">
</div>
<div class="gmail_quote">
<div dir="ltr" class="">
<div style="font-family:verdana,sans-serif" class=""><br class="">
</div>
<div style="font-family:verdana,sans-serif" class="">While
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
reading</div>
documents on redmine, I found myself confused
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
with</div>
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
</div>
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
</div>
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
</div>
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
</div>
the "<i class="">Using registerPrefix with NFD</i>" part of article "<i class="">Application Development Documentation / Guides</i>"[1].
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
</div>
The original text of the article goes as follows: </div>
<div style="font-family:verdana,sans-serif" class=""><br class="">
</div>
<div class=""><font face="verdana, sans-serif" class="">>>> When you install NFD, it installs a default signing key on your system. For registerPrefix to create a signed command interest using this default signing key, your application needs to use the default
KeyChain constructor and call setCommandSigningInfo so that the Face can sign the command interest created by registerPrefix</font><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div style="font-family:verdana,sans-serif" class="">But
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
</div>
when an application sends out a command interest, the recipient
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
should</div>
check if the interest's signing key is finally signed by an
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
administrator's</div>
signing key in order to reject unauthorized commands
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
.</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<div><br class="">
</div>
How do you know "<span style="font-family: verdana, sans-serif;" class="">the recipient</span><span style="font-family: verdana, sans-serif;" class=""> </span>
<div class="gmail_default" style="font-family: verdana, sans-serif; display: inline;">
should</div>
<span style="font-family: verdana, sans-serif;" class=""> check if the interest's signing key is finally signed by an</span><span style="font-family: verdana, sans-serif;" class=""> </span>
<div class="gmail_default" style="font-family: verdana, sans-serif; display: inline;">
administrator's</div>
<span style="font-family: verdana, sans-serif;" class=""> signing key in order to reject unauthorized commands</span>
<div class="gmail_default" style="font-family: verdana, sans-serif; display: inline;">
.“? What checking is needed depends on the trust model. What’s the trust model here?</div>
<blockquote type="cite" class="">
<div class="">
<div dir="ltr" class="">
<div class="gmail_quote">
<div dir="ltr" class="">
<div class="">
<div style="font-family:verdana,sans-serif" class=""><br class="">
</div>
<div style="font-family:verdana,sans-serif" class="">So what's the purpose of the NFD's default signing key? Why should the app use this key
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
to initialize its identity</div>
? Note the NFD's default signing key is not signed by anyone
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
[2].</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<div><br class="">
</div>
The line you are referring to doesn’t seem to be relevant to "<span style="font-family: verdana, sans-serif;" class="">the NFD's default signing key is not signed by anyone</span>
<div class="gmail_default" style="font-family: verdana, sans-serif; display: inline;">
“.</div>
<blockquote type="cite" class="">
<div class="">
<div dir="ltr" class="">
<div class="gmail_quote">
<div dir="ltr" class="">
<div class="">
<div style="font-family:verdana,sans-serif" class=""><br class="">
</div>
<div style="font-family:verdana,sans-serif" class="">If it is also
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
for</div>
defend
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
ing</div>
against unauthorized command interests, then any local app, including possible malwares, can also use this key to sign their interest by simply using the default keychain.</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<div><br class="">
</div>
The assumption is that local apps are trusted if they are allowed to run. There needs to be checking before they are launched. The secure launcher part is not implemented (or designed) yet.</div>
<div><br class="">
</div>
<div>Lan</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">
<div dir="ltr" class="">
<div class="gmail_quote">
<div dir="ltr" class="">
<div class="">
<div style="font-family:verdana,sans-serif" class="">If not, what other purpose could it be? <br class="">
</div>
<br class="">
</div>
<div class=""><br class="">
</div>
<div style="font-family:verdana,sans-serif" class="">[1] <a href="https://redmine.named-data.net/projects/application-development-documentation-guides/wiki/Using_Client_Libraries_with_NDNx_vs_NDNx-TLV_vs_NFD#Using-registerPrefix-with-NFD" target="_blank" class="">
https://redmine.named-data.<wbr class="">net/projects/application-<wbr class="">development-documentation-<wbr class="">guides/wiki/Using_Client_<wbr class="">Libraries_with_NDNx_vs_NDNx-<wbr class="">TLV_vs_NFD#Using-<wbr class="">registerPrefix-with-NFD</a></div>
<div style="font-family:verdana,sans-serif" class="">
<div class="gmail_default" style="font-family:verdana,sans-serif">[2] <a href="https://github.com/named-data/NFD/blob/master/tools/nfd-start.sh#L42" class="">
https://github.com/named-data/NFD/blob/master/tools/nfd-start.sh#L42</a> </div>
<br class="">
</div>
<div style="font-family:verdana,sans-serif" class=""></div>
<div style="font-family:verdana,sans-serif" class=""><br class="">
</div>
<div style="font-family:verdana,sans-serif" class="">Thank you. <span style="color:rgb(136,136,136)" class=""></span></div>
</div>
</div>
-- <br class="">
<div class="gmail_signature">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class="">Regards,</div>
<div class="">Lei
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
Pi</div>
</div>
<div class="">
<div class="gmail_default" style="font-family:verdana,sans-serif;display:inline">
University of Memphis</div>
</div>
</div>
</div>
</div>
</div>
</div>
_______________________________________________<br class="">
Ndn-interest mailing list<br class="">
<a href="mailto:Ndn-interest@lists.cs.ucla.edu" class="">Ndn-interest@lists.cs.ucla.edu</a><br class="">
http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest<br class="">
</div>
</blockquote>
</div>
<br class="">
</div>
</body>
</html>