<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-2">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I wasn't serving the certificate, so probably that's the problem.
Both consumer and producer are on the same physical machine, so I
assumed the consumer could retrieve the certificate directly from
NFD. I'll try to add the necessary code. However, it's a bit
strange that a certificate is still received, but with a malformed
name...</p>
<p><br>
</p>
<p>@Pedro: thanks a lot for your code! I was looking for something
like this for a long time. It's extremely useful. It's just that
it doesn't compile with the newest version of ndn-cxx (v 0.6.0).
The security API got changed, but it's easy to adapt it. <br>
</p>
<p><br>
</p>
<p>Thank you both for your help,</p>
<p>Michał<br>
</p>
<br>
<div class="moz-cite-prefix">On 26/10/17 22:33, Muktadir R Chowdhury
(mrchwdhr) wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DM2PR04MB48052AC3A3C19328A7F645EDA450@DM2PR04MB480.namprd04.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-2">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;"
dir="ltr">
<p style="font-family: Calibri, Helvetica, sans-serif;
font-size: 16px;">Can you tell me how your application is
serving the certificate (where you are setting interest filter
for certificate)? </p>
<p style="font-family: Calibri, Helvetica, sans-serif;
font-size: 16px;">E.g.
face.setInterestFilter("/root/site1/KEY")</p>
<p style="font-family: Calibri, Helvetica, sans-serif;
font-size: 16px;"><br>
</p>
<p style="font-family: Calibri, Helvetica, sans-serif;
font-size: 16px;">Can you share the code where you are doing
it?</p>
<p style="font-family: Calibri, Helvetica, sans-serif;
font-size: 16px;"><br>
</p>
<p style="font-family: Calibri, Helvetica, sans-serif;
font-size: 16px;">The code snippet you shared shows how you
are signing the data, not the certificate serving process.</p>
<p style="font-family: Calibri, Helvetica, sans-serif;
font-size: 16px;"><br>
</p>
<p style="font-family: Calibri, Helvetica, sans-serif;
font-size: 16px;">Muktadir</p>
<br>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
face="Calibri, sans-serif" color="#000000"><b>From:</b> Michał
Król <a class="moz-txt-link-rfc2396E" href="mailto:m.krol@ucl.ac.uk"><m.krol@ucl.ac.uk></a><br>
<b>Sent:</b> Tuesday, October 24, 2017 9:20:20 PM<br>
<b>To:</b> Muktadir R Chowdhury (mrchwdhr);
<a class="moz-txt-link-abbreviated" href="mailto:ndn-interest@lists.cs.ucla.edu">ndn-interest@lists.cs.ucla.edu</a><br>
<b>Subject:</b> Re: [Ndn-interest] Complete trust management
from scratch in ndn-cxx</font>
<div> </div>
</div>
<div>
<p>If I understood well, the API says, that createIdentity()
just retrieves the identity if it's already in the system
(even if the name is somewhat misleading):</p>
<p><br>
</p>
<p>"This method will check if the identity exists in PIB and
whether the identity has a default key and default
certificate. If the identity does not exist, this method will
create the identity in PIB. If the identity's default key does
not exist, this method will create a key pair and set it as
the identity's default key. If the key's default certificate
is missing, this method will create a self-signed certificate
for the key."</p>
<p><br>
Anyway, which other method should be used to retrieve the
certificate? I couldn't find any "good practice" document
about it's supposed to be done.
<br>
</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 24/10/17 16:02, Muktadir R
Chowdhury (mrchwdhr) wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DM2PR04MB4804D84D80A61C349C6ECD5DA470@DM2PR04MB480.namprd04.prod.outlook.com">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;"
dir="ltr">
<p>You don't have to create the site identity again. You are
creating it using ndnsec-key-gen.</p>
<p><br>
</p>
<p>Just use the identity name to get the certificate, put it
in the data packet, name the data packet as the name of
the cert, then send it.</p>
<p><br>
</p>
<p>Muktadir</p>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
face="Calibri, sans-serif" color="#000000"><b>From:</b>
Michał Król
<a class="moz-txt-link-rfc2396E"
href="mailto:m.krol@ucl.ac.uk" moz-do-not-send="true"><m.krol@ucl.ac.uk></a><br>
<b>Sent:</b> Tuesday, October 24, 2017 8:32:00 PM<br>
<b>To:</b> Muktadir R Chowdhury (mrchwdhr); <a
class="moz-txt-link-abbreviated"
href="mailto:ndn-interest@lists.cs.ucla.edu"
moz-do-not-send="true">
ndn-interest@lists.cs.ucla.edu</a><br>
<b>Subject:</b> Re: [Ndn-interest] Complete trust
management from scratch in ndn-cxx</font>
<div> </div>
</div>
<div>
<p>Sure, in the constructor I use:</p>
<p> m_face.setInterestFilter("/root/site1",<br>
bind(&Producer::onInterest, this, _1, _2),<br>
RegisterPrefixSuccessCallback(),<br>
bind(&Producer::onRegisterFailed, this, _1, _2));<br>
<br>
<br>
m_ident =
m_keyChain.createIdentity(Name("/root/site1"));<br>
m_info = ndn::security::SigningInfo(m_ident);</p>
<p><br>
</p>
<p>And then in when an interest arrives I use this to sign
the data:</p>
<p> m_keyChain.sign(*data, m_info);<br>
</p>
<br>
<div class="moz-cite-prefix">On 24/10/17 15:28, Muktadir R
Chowdhury (mrchwdhr) wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DM2PR04MB4803A42BE6896F8F771194BDA470@DM2PR04MB480.namprd04.prod.outlook.com">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;"
dir="ltr">
<p>How are you serving the certificate?</p>
<p>Can you share the code where producer is sending the
certificate?</p>
<p><br>
</p>
<p>Muktadir</p>
<p><br>
</p>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font
style="font-size:11pt" face="Calibri, sans-serif"
color="#000000"><b>From:</b> Michał Król
<a class="moz-txt-link-rfc2396E"
href="mailto:m.krol@ucl.ac.uk"
moz-do-not-send="true">
<m.krol@ucl.ac.uk></a><br>
<b>Sent:</b> Tuesday, October 24, 2017 8:24:35 PM<br>
<b>To:</b> Muktadir R Chowdhury (mrchwdhr); <a
class="moz-txt-link-abbreviated"
href="mailto:ndn-interest@lists.cs.ucla.edu"
moz-do-not-send="true">
ndn-interest@lists.cs.ucla.edu</a><br>
<b>Subject:</b> Re: [Ndn-interest] Complete trust
management from scratch in ndn-cxx</font>
<div> </div>
</div>
<div>
<p>When I dump the certificate I get the correct name:</p>
<p><span>ndnsec-dump-certificate -i -p /root/site1</span></p>
<p><span>Certificate name:<br>
/root/site1/KEY/%AF%C7%D8y3%5De%06/NA/%FD%00%00%01_AR%9B%1C</span></p>
<p><span> Key Locator:
Name=/root/KEY/%AC%FD%1A%A9%CA%9A%A5%C3<br>
</span></p>
<p><span><br>
</span></p>
<p><span>However, when I use it to sign, the name I get
at the consumer is:</span></p>
<p><span> /root/site1/KEY/%AF%C7%D8y3%5De%06/%FD%00%00%01_N%9E%0Aw<br>
</span></p>
<p><span><br>
</span></p>
<p><span>The "NA" component is missing and that's the
cause of the problem. <br>
</span></p>
<p><span><br>
</span></p>
<p>In some tutorials, people submit "-N /root/site1"
parameter to the <span>ndnsec-certgen command.
However, in the newest version, this option is not
present. Could it be the problem?<br>
</span></p>
<p><span><br>
</span></p>
<p><br>
</p>
<p><br>
</p>
<p>/root/site1/KEY/%AF%C7%D8y3%5De%06/%FD%00%00%01_N%9E%0Aw<br>
</p>
<br>
<div class="moz-cite-prefix">On 24/10/17 15:10, Muktadir
R Chowdhury (mrchwdhr) wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DM2PR04MB480240EE1532C11E7C1588ADA470@DM2PR04MB480.namprd04.prod.outlook.com">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;"
dir="ltr">
<p>The value for <span>KEY_COMPONENT_OFFSET is -4.
That means you get the 4th component from the
last. Another way of saying this is that you
have three more component after KEY.</span></p>
<p><span><br>
</span></p>
<p><span>Your key/cert creation looks fine.</span></p>
<p><span>You can check the name of the certificate
using this command:</span></p>
<p><span>ndnsec-dump-certificate -i -p /root,</span></p>
<p><span>ndnsec-dump-certificate -i -p /root/site1</span></p>
<p><span><br>
</span></p>
<p><span>Just make sure the data that contains the
certificate is same as the name of the
certificate.</span></p>
<p><span><br>
</span></p>
<p><span>Muktadir</span></p>
<p><span><br>
</span></p>
</div>
<hr style="display:inline-block;width:98%"
tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font
style="font-size:11pt" face="Calibri, sans-serif"
color="#000000"><b>From:</b> Michał Król
<a class="moz-txt-link-rfc2396E"
href="mailto:m.krol@ucl.ac.uk"
moz-do-not-send="true">
<m.krol@ucl.ac.uk></a><br>
<b>Sent:</b> Tuesday, October 24, 2017 7:54:44 PM<br>
<b>To:</b> Muktadir R Chowdhury (mrchwdhr); <a
class="moz-txt-link-abbreviated"
href="mailto:ndn-interest@lists.cs.ucla.edu"
moz-do-not-send="true">
ndn-interest@lists.cs.ucla.edu</a><br>
<b>Subject:</b> Re: [Ndn-interest] Complete trust
management from scratch in ndn-cxx</font>
<div> </div>
</div>
<div>
<p>Thanks for your message Muktadir. However, it
still looks like the <key-owner-prefix> can
have only one component.
<br>
</p>
<p><br>
</p>
<p>When I send an Interest for "/root", use identity
"/root" to sign and data name "root" it works
fine. But when I send an interest for
"/root/site1", use identity "/root/site1" to sign
and data name "root/site1" it doesn't, because the
check in ndn-cxx is expecting "KEY" and I have
"site1" now as the second component. I tried to
set the site1 signed certificate as the trust
anchor in the config file, but it still doesn't
help.
<br>
</p>
<p><br>
</p>
<p>The check I'm talking about is in
./src/security/v2/certificate.cpp line 132.
KEY_COMPONENT_OFFSET points to the wrong name
component. Maybe there's a problem when I'm
generating the identities?</p>
<p>I do it like this:</p>
<p>ndnsec-keygen /root | tee root.ndncert |
ndnsec-cert-install -<br>
ndnsec-keygen /root/site1 > site1.req<br>
ndnsec-certgen -s /root/ site1.req >
site1.ndncert<br>
ndnsec-cert-install -f site1.ndncert</p>
<p><br>
</p>
<p>Once again, thanks a lot for your help,</p>
<p>Michał<br>
</p>
<br>
<div class="moz-cite-prefix">On 23/10/17 21:35,
Muktadir R Chowdhury (mrchwdhr) wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DM2PR04MB48046908D1186D00E63424ADA460@DM2PR04MB480.namprd04.prod.outlook.com">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;"
dir="ltr">
<p>Hi,</p>
<p>When your producer sends the certificate make
sure that the name of the data is the name of
the certificate. Because the receiver will use
the data packet to construct the certificate.
If the data name does not follow the
certificate naming convention, the constructor
for Certificate will throw the error you
reported.</p>
<p> </p>
<p>Please note that certificate name and key
name are different.</p>
<p>Key name:
<key-owner-prefix>/KEY/<key-id>, </p>
<p>Certificate name: <span style="font-family:
Calibri, Helvetica, sans-serif, Helvetica,
EmojiFont, "Apple Color Emoji",
"Segoe UI Emoji", NotoColorEmoji,
"Segoe UI Symbol", "Android
Emoji", EmojiSymbols; font-size: 16px;"><key-owner-prefix</span><span
style="font-family: Calibri, Helvetica,
sans-serif, Helvetica, EmojiFont,
"Apple Color Emoji", "Segoe
UI Emoji", NotoColorEmoji, "Segoe
UI Symbol", "Android Emoji",
EmojiSymbols; font-size: 16px;">>/KEY/<key-id>/<issuer-id>/<version-id>.</span></p>
<p><span style="font-family: Calibri, Helvetica,
sans-serif, Helvetica, EmojiFont,
"Apple Color Emoji", "Segoe
UI Emoji", NotoColorEmoji, "Segoe
UI Symbol", "Android Emoji",
EmojiSymbols; font-size: 16px;"><br>
</span></p>
<p><span style="font-family: Calibri, Helvetica,
sans-serif, Helvetica, EmojiFont,
"Apple Color Emoji", "Segoe
UI Emoji", NotoColorEmoji, "Segoe
UI Symbol", "Android Emoji",
EmojiSymbols; font-size: 16px;">For
certificate name the library is expecting
three more components after the "KEY"
component.</span></p>
<p><span style="font-family: Calibri, Helvetica,
sans-serif, Helvetica, EmojiFont,
"Apple Color Emoji", "Segoe
UI Emoji", NotoColorEmoji, "Segoe
UI Symbol", "Android Emoji",
EmojiSymbols; font-size: 16px;"><br>
</span></p>
<p><span style="font-family: Calibri, Helvetica,
sans-serif, Helvetica, EmojiFont,
"Apple Color Emoji", "Segoe
UI Emoji", NotoColorEmoji, "Segoe
UI Symbol", "Android Emoji",
EmojiSymbols; font-size: 16px;">Let me know
if you have any more questions.</span></p>
<p><span style="font-family: Calibri, Helvetica,
sans-serif, Helvetica, EmojiFont,
"Apple Color Emoji", "Segoe
UI Emoji", NotoColorEmoji, "Segoe
UI Symbol", "Android Emoji",
EmojiSymbols; font-size: 16px;"><br>
</span></p>
<p><span style="font-family: Calibri, Helvetica,
sans-serif, Helvetica, EmojiFont,
"Apple Color Emoji", "Segoe
UI Emoji", NotoColorEmoji, "Segoe
UI Symbol", "Android Emoji",
EmojiSymbols; font-size: 16px;">Muktadir</span></p>
</div>
<hr style="display:inline-block;width:98%"
tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font
style="font-size:11pt" face="Calibri,
sans-serif" color="#000000"><b>From:</b>
Ndn-interest
<a class="moz-txt-link-rfc2396E"
href="mailto:ndn-interest-bounces@lists.cs.ucla.edu"
moz-do-not-send="true">
<ndn-interest-bounces@lists.cs.ucla.edu></a> on behalf of Michał
Król <a class="moz-txt-link-rfc2396E"
href="mailto:m.krol@ucl.ac.uk"
moz-do-not-send="true">
<m.krol@ucl.ac.uk></a><br>
<b>Sent:</b> Sunday, October 22, 2017 7:28:45
PM<br>
<b>To:</b> <a
class="moz-txt-link-abbreviated"
href="mailto:Matteo.Bertolino@eurecom.fr"
moz-do-not-send="true">
Matteo.Bertolino@eurecom.fr</a>; <a
class="moz-txt-link-abbreviated"
href="mailto:ndn-interest@lists.cs.ucla.edu"
moz-do-not-send="true">
ndn-interest@lists.cs.ucla.edu</a><br>
<b>Subject:</b> Re: [Ndn-interest] Complete
trust management from scratch in ndn-cxx</font>
<div> </div>
</div>
<div>
<p>I looked a bit deeper in the code and I found
the reason of the problem. <br>
</p>
<p>ndn-cxx is expecting "KEY" as the second
component in the certificate name. However, my
certificate name is:
"/root/publisher/KEY/%AF%C7%D8y3%5De%06/%FD%00%00%01_D8%F1%A4",
so "KEY" is the third component. </p>
<p>When I changed the code to put "/root/" in
the Interest instead of "/root/site1" it
solved the problem and the signature is
verified correctly. In future experiments I
would like to implement a hierarchy of trust.
Do you know what is the problem here?</p>
<p>Best,</p>
<p>Michał<br>
</p>
<br>
<div class="moz-cite-prefix">On 17/10/17 10:49,
Michał Król wrote:<br>
</div>
<blockquote type="cite"
cite="mid:d78599a8-d4de-1a20-0b2a-036d1566c8d8@ucl.ac.uk">
<p>Hi Matteo, <br>
</p>
<p>thanks for your message. It's just a
formatting problem. For some reason my mail
client decide to replace tabs with "/" and
"?". There are not present in the files
though.
<br>
</p>
<p>I've seen your tutorial before. Actually,
it was the only complete solution it could
find online, so I was basing heavily on it.
Thank you. My setup seems only slightly
different, but I still can't make it work.
<br>
</p>
<p>Best,</p>
<p>Michał<br>
</p>
<p><br>
</p>
<br>
<blockquote type="cite"
cite="mid:EAB20BA3-4E53-44A8-8CF9-5C1DF292037F@ucl.ac.uk">
<br class="">
<div style=""><br class="">
<blockquote type="cite" class="">
<div class="">Begin forwarded message:</div>
<br class="Apple-interchange-newline">
<div style="margin-top: 0px;
margin-right: 0px; margin-bottom: 0px;
margin-left: 0px;" class="">
<span style="font-family:
-webkit-system-font, Helvetica Neue,
Helvetica, sans-serif; color:rgba(0,
0, 0, 1.0);" class=""><b class="">From:
</b></span><span style="font-family:
-webkit-system-font, Helvetica Neue,
Helvetica, sans-serif;" class="">Matteo
Bertolino <<a
href="mailto:Matteo.Bertolino@eurecom.fr"
class="" moz-do-not-send="true">Matteo.Bertolino@eurecom.fr</a>><br
class="">
</span></div>
<div style="margin-top: 0px;
margin-right: 0px; margin-bottom: 0px;
margin-left: 0px;" class="">
<span style="font-family:
-webkit-system-font, Helvetica Neue,
Helvetica, sans-serif; color:rgba(0,
0, 0, 1.0);" class=""><b class="">Subject:
</b></span><span style="font-family:
-webkit-system-font, Helvetica Neue,
Helvetica, sans-serif;" class=""><b
class="">Re: [Ndn-interest]
Complete trust management from
scratch in ndn-cxx</b><br class="">
</span></div>
<div style="margin-top: 0px;
margin-right: 0px; margin-bottom: 0px;
margin-left: 0px;" class="">
<span style="font-family:
-webkit-system-font, Helvetica Neue,
Helvetica, sans-serif; color:rgba(0,
0, 0, 1.0);" class=""><b class="">Date:
</b></span><span style="font-family:
-webkit-system-font, Helvetica Neue,
Helvetica, sans-serif;" class="">16
October 2017 19:49:16 BST<br
class="">
</span></div>
<div style="margin-top: 0px;
margin-right: 0px; margin-bottom: 0px;
margin-left: 0px;" class="">
<span style="font-family:
-webkit-system-font, Helvetica Neue,
Helvetica, sans-serif; color:rgba(0,
0, 0, 1.0);" class=""><b class="">To:
</b></span><span style="font-family:
-webkit-system-font, Helvetica Neue,
Helvetica, sans-serif;" class=""><<a
href="mailto:ndn-interest@lists.cs.ucla.edu" class=""
moz-do-not-send="true">ndn-interest@lists.cs.ucla.edu</a>><br
class="">
</span></div>
<br class="">
<div class="">Hello,<br class="">
why do you have the "//" in each line
of the validator?<br class="">
I am by phone so I cannot provide you
easily a good answer, but you can find
a completed and commented use case
here:
<a
href="https://github.com/MatteoBertolino92/NDN-matteo/blob/master/ndncxx_miniNDN_someUseCases_nacks__certificates__interest_verification.pdf"
class="" moz-do-not-send="true">
https://github.com/MatteoBertolino92/NDN-matteo/blob/master/ndncxx_miniNDN_someUseCases_nacks__certificates__interest_verification.pdf</a><br
class="">
<br class="">
Section 3. Write me if u need some
clarifications.<br class="">
Matteo<br class="">
<br class="">
<br class="">
Quoting Micha? Król <<a
href="mailto:m.krol@ucl.ac.uk"
class="" moz-do-not-send="true">m.krol@ucl.ac.uk</a>>:<br
class="">
<br class="">
<blockquote type="cite" class="">Dear
all,<br class="">
<br class="">
I'm struggling with setting up a
simple trust/security system in NDN.
I<br class="">
find it difficult to find an updated
set information that will work for<br
class="">
all system components. Please
correct me if I misunderstood
something.<br class="">
<br class="">
I have a very simple scenario: one
producer and one consumer on one<br
class="">
machine. I want to have a central
entity (root) and a publisher<br
class="">
(publisher) that will be allowed to
publish trusted content.<br class="">
<br class="">
I first create the root certificate
using ndnsec and selfsign it: /<br
class="">
/<br class="">
<br class="">
/ ndnsec-key-gen -n /root//<br
class="">
/<br class="">
<br class="">
/ ndnsec-sign-req /root >
root.cert/<br class="">
<br class="">
Next I create a certificate for the
publisher and sign it using the root<br
class="">
certificate:<br class="">
<br class="">
/ ndnsec-key-gen -n
/root/publisher >
unsigned_publisher.cert//<br
class="">
// ndnsec-cert-gen -S 201510080000
-E 202010080000 -s /root -i<br
class="">
/root/publisher -r
unsigned_publisher.cert >
publisher.cert/<br class="">
<br class="">
<br class="">
I then used the publisher identity
to sign the data:<br class="">
<br class="">
/ m_ident =
m_keyChain.createIdentity(Name("/root/publisher"));//<br
class="">
// m_info =
ndn::security::SigningInfo(m_ident);/<br
class="">
<br class="">
/ m_keyChain.sign(*data,
m_info);/<br class="">
<br class="">
On the consumer side I use a
validator to validate data:<br
class="">
<br class="">
/
m_validator->load("sample.cfg");/<br
class="">
<br class="">
/ m_validator->validate
(data,//<br class="">
//
ndn::bind(&Consumer::onValidated,
this, _1),//<br class="">
//
ndn::bind(&Consumer::onValidationFailed,
this, _1, _2));/<br class="">
<br class="">
<br class="">
I want to trust everything signed
with the publishers key. The<br
class="">
sample.cfg is:<br class="">
<br class="">
/ rule//<br class="">
// {//<br class="">
// id "Sample Rule"//<br
class="">
// for data//<br class="">
// filter//<br class="">
// {//<br class="">
// type name//<br class="">
// name /root/publisher//<br
class="">
// relation is-prefix-of//<br
class="">
// }//<br class="">
// checker//<br class="">
// {//<br class="">
// type hierarchical//<br
class="">
// sig-type rsa-sha256//<br
class="">
// }//<br class="">
// }//<br class="">
//<br class="">
// trust-anchor//<br class="">
// {//<br class="">
// type file//<br class="">
// file-name "root.cert"//<br
class="">
// }/<br class="">
<br class="">
<br class="">
Now, when I launch the consumer, it
issues an interest, gets the data,<br
class="">
issues another interest to get the
key<br class="">
(/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80), but<br
class="">
ends up with an error:<br class="">
<br class="">
/ Malformed certificate (Name
does not follow the naming
convention<br class="">
for certificate). /<br class="">
<br class="">
<br class="">
My question is now, is it how I'm
supposed to do this? If yes, what's<br
class="">
the problem here? If not, is there
any example tutorial, walking
through<br class="">
the all steps of managing trust in
NDN (ndnsec, app, validator)?<br
class="">
<br class="">
Thanks in advance,<br class="">
<br class="">
Micha?<br class="">
<br class="">
<br class="">
</blockquote>
<br class="">
<br class="">
<br class="">
-------------------------------------------------------------------------------<br
class="">
This message was sent using EURECOM
Webmail: <a
href="http://webmail.eurecom.fr"
class="" moz-do-not-send="true">
http://webmail.eurecom.fr</a><br
class="">
<br class="">
_______________________________________________<br class="">
Ndn-interest mailing list<br class="">
<a
href="mailto:Ndn-interest@lists.cs.ucla.edu"
class="" moz-do-not-send="true">Ndn-interest@lists.cs.ucla.edu</a><br
class="">
<a class="moz-txt-link-freetext"
href="http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest"
moz-do-not-send="true">http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest</a><br
class="">
</div>
</blockquote>
</div>
<br class="">
</blockquote>
<br>
</blockquote>
<br>
</div>
</blockquote>
<br>
</div>
</blockquote>
<br>
</div>
</blockquote>
<br>
</div>
</blockquote>
<br>
</div>
</blockquote>
<br>
</body>
</html>