From andreluizromanomadureira at gmail.com Sat Apr 12 13:26:57 2025 From: andreluizromanomadureira at gmail.com (Andre Madureira) Date: Sat, 12 Apr 2025 17:26:57 -0300 Subject: [ndnSIM] Fwd: Need for Multiple Trust schemas ? In-Reply-To: References: Message-ID: Hello everyone, I was currently working on an NDN App ( */appX *) that needs to consume data produced in another App ( */appY *). They both have their own trust schemas, with their own rules and certificate chains. The issue I'm facing is how to validate data produced in the "*/appY"* zone inside the application "*/appX"*, if they have distinct trust schemas? That is, */appX *consumes data produced within the name hierarchy of */appY.* How *appX* can validate those data packets created within *appY *? Thanks in advance for any insights provided. Best regards, Andr? Luiz Romano Madureira -------------- next part -------------- An HTML attachment was scrubbed... URL: From lixia at cs.ucla.edu Sat Apr 12 18:11:21 2025 From: lixia at cs.ucla.edu (Lixia Zhang) Date: Sat, 12 Apr 2025 18:11:21 -0700 Subject: [ndnSIM] Need for Multiple Trust schemas ? In-Reply-To: References:

Message-ID: <86ED5DD1-8268-4E73-8695-47BF32638095@cs.ucla.edu> If /appX and /appY do not have a shared trust anchor, the two are in two different trust domains. Verification across trust domains requires the establishment of security relations between the demains. Please see an early exploration on this issue" "Intertrust: establishing inter-zone trust relationships" https://dl.acm.org/doi/abs/10.1145/3517212.3559489 Lixia > On Apr 12, 2025, at 1:26?PM, Andre Madureira via ndnSIM wrote: > > > Hello everyone, > > I was currently working on an NDN App ( /appX ) that needs to consume data produced in another App ( /appY ). They both have their own trust schemas, with their own rules and certificate chains. > > The issue I'm facing is how to validate data produced in the "/appY" zone inside the application "/appX", if they have distinct trust schemas? > > That is, /appX consumes data produced within the name hierarchy of /appY. > How appX can validate those data packets created within appY ? > > Thanks in advance for any insights provided. > > Best regards, > > Andr? Luiz Romano Madureira > _______________________________________________ > ndnSIM mailing list > ndnSIM at lists.cs.ucla.edu > https://www.lists.cs.ucla.edu/mailman/listinfo/ndnsim -------------- next part -------------- An HTML attachment was scrubbed... URL: From andreluizromanomadureira at gmail.com Sun Apr 13 08:01:51 2025 From: andreluizromanomadureira at gmail.com (Andre Madureira) Date: Sun, 13 Apr 2025 12:01:51 -0300 Subject: [ndnSIM] Need for Multiple Trust schemas ? In-Reply-To: <86ED5DD1-8268-4E73-8695-47BF32638095@cs.ucla.edu> References:

<86ED5DD1-8268-4E73-8695-47BF32638095@cs.ucla.edu> Message-ID: Dear Lixia, Thanks you for such a promptly and precise reply. My understanding from the Intertrust paper (please correct me if I'm wrong) is that if I have two apps (/appA and /appB), each with their own trust anchors (Za and Zb) and trust schemas, appA can consume packets from appB if Za signs Zb (resulting in a certificate Zb'). But after that I didn't understand how the solution would work . That is, if appA retrieve a data packet /appB/some_suffix, it can verify it's KeyLocator field to validate the certificate used to sign the data packet. However, that validation process requires the appB schema rules to work. How would that be implemented in Intertrust solution? >From what I could deduce, appA has two approaches to the appB validation rules retrieval problem: I) retrieve the appB trust schema (or a subset of it, managed by appB zone controller) , or ii) embed appB rules (in entirety or as a subset, defined by the appB zone controller) inside appA trust schema. The first solution implies that appA nodes can use two schemas to validate data packets (the appA schema, and the subset of appB schema). However I do not know if that is feasible in current NDN architecture. The other solution would imply mutating appA schema to contain a subset of the validation rules from appB. In that case, for each trust zone, we would need to have a new version of the appA schema, containing the exported appB validation rules. I really don't know what approach was originally thought for Intertrust implementation. Any ideas or insights will be highly appreciated. Best regards, Andr? Luiz Romano Madureira Em s?b., 12 de abr. de 2025, 22:11, Lixia Zhang escreveu: > If /appX and /appY do not have a shared trust anchor, the two are in two > different trust domains. > > Verification across trust domains requires the establishment of security > relations between the demains. Please see an early exploration on this > issue" > "Intertrust: establishing inter-zone trust relationships" > https://dl.acm.org/doi/abs/10.1145/3517212.3559489 > > Lixia > > On Apr 12, 2025, at 1:26?PM, Andre Madureira via ndnSIM < > ndnsim at lists.cs.ucla.edu> wrote: > > > Hello everyone, > > I was currently working on an NDN App ( */appX *) that needs to consume > data produced in another App ( */appY *). They both have their own trust > schemas, with their own rules and certificate chains. > > The issue I'm facing is how to validate data produced in the "*/appY"* zone > inside the application "*/appX"*, if they have distinct trust schemas? > > That is, */appX *consumes data produced within the name hierarchy of > */appY.* > How *appX* can validate those data packets created within *appY *? > > Thanks in advance for any insights provided. > > Best regards, > > Andr? Luiz Romano Madureira > _______________________________________________ > ndnSIM mailing list > ndnSIM at lists.cs.ucla.edu > https://www.lists.cs.ucla.edu/mailman/listinfo/ndnsim > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lixia at cs.ucla.edu Sun Apr 13 08:27:44 2025 From: lixia at cs.ucla.edu (Lixia Zhang) Date: Sun, 13 Apr 2025 08:27:44 -0700 Subject: [ndnSIM] Need for Multiple Trust schemas ? In-Reply-To: References:

<86ED5DD1-8268-4E73-8695-47BF32638095@cs.ucla.edu> Message-ID: <47694FBD-61AA-4557-B641-B6A1DCDDDA65@cs.ucla.edu> the inter-trust poster is based on the following model: - each entity E has one controller T which holds the trust anchor (self-signed cert). i.e. everyone has one boss, and one boss only. - T defines policies for how E treats input data, both intra- and inter-trust domains. In your example below: entities in /appA follow Za's trust schema *only; Za defines rules of how to deal with data from /appB domain. (I wonder why you think entities in /appA should care /appB's policies?) > On Apr 13, 2025, at 8:01?AM, Andre Madureira wrote: > > Dear Lixia, > > Thanks you for such a promptly and precise reply. > > My understanding from the Intertrust paper (please correct me if I'm wrong) is that if I have two apps (/appA and /appB), each with their own trust anchors (Za and Zb) and trust schemas, appA can consume packets from appB if Za signs Zb (resulting in a certificate Zb'). But after that I didn't understand how the solution would work . > > That is, if appA retrieve a data packet /appB/some_suffix, it can verify it's KeyLocator field to validate the certificate used to sign the data packet. However, that validation process requires the appB schema rules to work. How would that be implemented in Intertrust solution? > > From what I could deduce, appA has two approaches to the appB validation rules retrieval problem: I) retrieve the appB trust schema (or a subset of it, managed by appB zone controller) , or ii) embed appB rules (in entirety or as a subset, defined by the appB zone controller) inside appA trust schema. > > The first solution implies that appA nodes can use two schemas to validate data packets (the appA schema, and the subset of appB schema). However I do not know if that is feasible in current NDN architecture. > > The other solution would imply mutating appA schema to contain a subset of the validation rules from appB. In that case, for each trust zone, we would need to have a new version of the appA schema, containing the exported appB validation rules. > > I really don't know what approach was originally thought for Intertrust implementation. > > Any ideas or insights will be highly appreciated. > > Best regards, > > Andr? Luiz Romano Madureira > > Em s?b., 12 de abr. de 2025, 22:11, Lixia Zhang > escreveu: >> If /appX and /appY do not have a shared trust anchor, the two are in two different trust domains. >> >> Verification across trust domains requires the establishment of security relations between the demains. Please see an early exploration on this issue" >> "Intertrust: establishing inter-zone trust relationships" >> https://dl.acm.org/doi/abs/10.1145/3517212.3559489 >> >> Lixia >> >>> On Apr 12, 2025, at 1:26?PM, Andre Madureira via ndnSIM > wrote: >>> >>> >>> Hello everyone, >>> >>> I was currently working on an NDN App ( /appX ) that needs to consume data produced in another App ( /appY ). They both have their own trust schemas, with their own rules and certificate chains. >>> >>> The issue I'm facing is how to validate data produced in the "/appY" zone inside the application "/appX", if they have distinct trust schemas? >>> >>> That is, /appX consumes data produced within the name hierarchy of /appY. >>> How appX can validate those data packets created within appY ? >>> >>> Thanks in advance for any insights provided. >>> >>> Best regards, >>> >>> Andr? Luiz Romano Madureira >>> _______________________________________________ >>> ndnSIM mailing list >>> ndnSIM at lists.cs.ucla.edu >>> https://www.lists.cs.ucla.edu/mailman/listinfo/ndnsim >> -------------- next part -------------- An HTML attachment was scrubbed... URL: