[Nfd-dev] Intended scope of client.conf

Yingdi Yu yingdi at CS.UCLA.EDU
Tue Aug 19 09:25:42 PDT 2014 

Hi Jeff,

On Aug 18, 2014, at 4:35 PM, Burke, Jeff <jburke at remap.ucla.edu> wrote:

> So, the idea is that client.conf provides per-user configuration for NDN applications that gives the default keystore and mechanism for connecting to the local daemon.   For now, the default keystore specified in this configuration must be used if an application wants to interact with the identities/keys manipulated by the ndnsec tools.  
> Is that the right way to state it? 

This client.conf is the configuration file of ndn-cxx, so all apps (including ndnsec) compiled against ndn-cxx will use the keystore info in this file as the default configuration. If an app wants to access the identities/keys created through ndn-cxx, the paths in the conf file should be the right place to go.

> - NFD and NRD use their own system-wide configuration file, not client.conf.    The unix socket they use is defined in their nfd.conf file.  But where is the keystore for the keys used by NFD and NRD, and how is it configured?  I couldn't find this in the developers guide. 

NFD and NRD are built against ndn-cxx, so they use the keystore info in the client.conf. We will clarify that in the dev guide.

> - It is assumed that there is only one installation of NFD/NRD per host.  So, shouldn't the socket configuration and protocol be per-host rather than per user?  I understand that for convenience they may be in client.conf, but want to confirm...

We may have per-host config for socket, but for keystore info, it might be better to keep per-user configuration.

> perhaps their should be a client-default.conf in the same place as nfd.conf, and just override it from ~/.ndn/client.conf? 

I think a client-default.conf is possible if we set user's home directory as the default path to keystore. 

> - There is an operator identity created by default at the time of installation of NFD/NRD.   This seems to be associated with the user who installed the software.   For NDN applications that run under other (non-root) users, is the idea that they can use their own client.conf settings, but the operator of the machine will need to authorize their key to sign things like prefix registration commands for the daemon? 

Ideally yes, but command interest validation is turned off.

> - Because it uses ndn-cxx, ndnsec manipulates the PIB/TPM for the current user, based on the settings in that user's client.conf.  Is that correct?  This may need to be clarified in the documentation.   Also, ndnsec-list does not seem to take into account the TPM setting, it just lists all of the keys in the PIB for the user.  Perhaps it could indicate which TPM they are stored in, to aid debugging?  

ndn-cxx internally maintains the consistency between PIB and TPM. Right now ndn-cxx assumed that there is only one TPM for one PIB, so we do not list the TPM information for each key. But I think we may need the TPM info when PIB handles multiple TPMs at the same time.

Yingdi


> 
> 
> Thanks,
> Jeff
> 
> 
> From: Alex Afanasyev <alexander.afanasyev at ucla.edu>
> Date: Mon, 18 Aug 2014 15:49:59 -0500
> To: Steve DiBenedetto <dibenede at cs.colostate.edu>
> Cc: Jeff Burke <jburke at remap.ucla.edu>, "nfd-dev at lists.cs.ucla.edu" <nfd-dev at lists.cs.ucla.edu>
> Subject: Re: [Nfd-dev] Intended scope of client.conf
> 
>> 
>> On Aug 18, 2014, at 3:38 PM, Steve DiBenedetto <dibenede at cs.colostate.edu> wrote:
>> 
>>> 
>>> On Aug 18, 2014, at 2:25 PM, Burke, Jeff <jburke at remap.UCLA.EDU> wrote:
>>> 
>>>> 
>>>> Hi folks,
>>>> 
>>>> Is there any specification for the purpose and scope of client.conf.  E.g., how it can be located, what can be specified there, and what code should pay attention to it?
>>> 
>>> I'm not aware of a full specification for the current client.conf. Here's the original client.conf redmine issue that covers file format, location, and some parameters: http://redmine.named-data.net/issues/1364 .
>> 
>> This is basically the spec.  A new addition that was made long time ago was part of http://redmine.named-data.net/issues/1532  and is documented in http://redmine.named-data.net/projects/ndn-cxx/wiki/KeyChainConf
>> 
>> ---
>> Alex
>> 
>>> 
>>>>   
>>>> 
>>>> We need to consider how to handle this specification in the NDN-CCL libraries, and would prefer to work from a design specification rather than existing code in ndn-cxx.   For code like ndn-js, it may not always apply, so we need to understand defaults and assumptions, too. 
>>>> 
>>>> Please see:
>>>> http://redmine.named-data.net/issues/1850
>>>> 
>>>> Thanks,
>>>> Jeff
>>>> 
>>>> _______________________________________________
>>>> Nfd-dev mailing list
>>>> Nfd-dev at lists.cs.ucla.edu
>>>> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
>>> 
>>> _______________________________________________
>>> Nfd-dev mailing list
>>> Nfd-dev at lists.cs.ucla.edu
>>> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
>> 
> _______________________________________________
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20140819/c1364e89/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20140819/c1364e89/attachment.bin>

More information about the Nfd-dev mailing list