[Nfd-dev] Private key for applications to sign a registration request
Lan Wang (lanwang)
lanwang at memphis.edu
Mon Apr 7 11:53:51 PDT 2014
On Apr 7, 2014, at 12:24 PM, "Thompson, Jeff" <jefft0 at remap.ucla.edu> wrote:
> Hello,
> For an application to receive interests and produce content, it needs to send a signed interest to NRD to register the prefix. How does NRD trust the application's public key? Is there a document that explains the trust procedure for an application to register a prefix to receive interests?
> I see "" on the wiki, but don't see how NRD will trust the public key of the signed interest.
> http://redmine.named-data.net/projects/nrd/wiki/NRD_Prefix_Registration_protocol
Yingdi implemented this part. I think the default policy is to use a trust anchor, and as long as the signing key can be verified through a hierarchy rooted at the trust anchor (using hierarchical checking), it will be trusted. Of course, the policy may change in the future based on experience.
Here's the validator's configuration file for NRD:
rule
{
  id "NRD Prefix Registration Command Rule"
  for interest
  filter
  {
    type name
    regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]
  }
  checker
  {
    type customized
    sig-type rsa-sha256
    key-locator
    {
      type name
      regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$
    }
  }
}
rule
{
  id "Testbed Hierarchy Rule"
  for data
  filter
  {
    type name
    regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$
  }
  checker
  {
    type hierarchical
    sig-type rsa-sha256
  }
}
trust-anchor
{
  type file
  file-name "testbed-trust-anchor.cert"
}
Lan
> Thank you,
> - Jeff T
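An added example, not part of the original message and not NRD or ndn-cxx code: a simplified Python model of the name checks that the two rules in the configuration above describe, walking from a command interest's key locator up to the trust anchor. Signature verification is left out, every name is constructed, and the prefix relation used for "type hierarchical" is an assumption about what that checker compares.

```python
# Added example: simplified model of the name checks in the validator config.
# Signature verification is omitted; every name below is constructed.
COMMANDS = {"register", "unregister", "advertise", "withdraw"}

def comps(name):
    return [c for c in name.split("/") if c]

def key_namespace(key_locator):
    """Model of ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$ on a key locator name.
    Returns the components before <KEY> plus those between <KEY> and <ksk-...>,
    or None when the name does not have that shape."""
    c = comps(key_locator)
    if len(c) < 3 or c[-1] != "ID-CERT" or not c[-2].startswith("ksk-"):
        return None
    if "KEY" not in c[:-2]:
        return None
    i = c.index("KEY")
    return c[:i] + c[i + 1:-2]

def hierarchical_ok(cert_name, signer_locator):
    """Assumed meaning of 'type hierarchical': the signer's namespace must be
    a prefix of the name of the certificate it signed."""
    c = comps(cert_name)
    if key_namespace("/".join(c[:-1])) is None:  # rule 2 filter: key name + 1 component
        return False
    ns = key_namespace(signer_locator)
    return ns is not None and c[:len(ns)] == ns

def command_trusted(interest_name, signer, certs, anchor, max_depth=5):
    """certs maps a key locator to (certificate name, locator of its signer)."""
    c = comps(interest_name)
    if c[:2] != ["localhost", "nrd"] or len(c) < 3 or c[2] not in COMMANDS:
        return False                      # not a command covered by rule 1
    if key_namespace(signer) is None:     # rule 1 checker: locator shape only
        return False
    for _ in range(max_depth):            # bound the chain length
        if signer == anchor:
            return True
        if signer not in certs:
            return False
        cert_name, issuer = certs[signer]
        if not hierarchical_ok(cert_name, issuer):
            return False
        signer = issuer
    return False

ANCHOR = "/ndn/KEY/ksk-1/ID-CERT"
SITE = "/ndn/KEY/edu/memphis/ksk-2/ID-CERT"
APP = "/ndn/edu/memphis/KEY/app/ksk-3/ID-CERT"
ROGUE = "/ndn/edu/ucla/KEY/app/ksk-9/ID-CERT"   # claims ucla, signed by memphis
CERTS = {SITE: (SITE + "/v1", ANCHOR), APP: (APP + "/v1", SITE),
         ROGUE: (ROGUE + "/v1", SITE)}
```

In this model the first rule constrains only the shape of the key locator on the command interest; whether that key is accepted is decided by the certificate chain checked under the second rule.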