[Nfd-dev] PIB service causes remote registration of every prefix

[Junxiao Shi]

Dear folks
This message alerts a potential conflict between PIB service and remote
registration.

PIB service
PIB service publishes one or more certificates owned by a laptop user, by
answering Interests that requesting for those certificate.
In order to receive those Interests, PIB service needs to register prefixes
on laptop NFD.
PIB service may either (1) register the root prefix "ndn:/", or (2)
register one prefix per certificate.

The advantage of registering the root prefix is that PIB service only needs
one entry in NFD RIB and FIB.
The drawback is (a) PIB service will receive many unrelated Interests (b)
route inheritance flags 'CAPTURE' used by another app would prevent PIB
service from receive Interests for some certificate.

Due to those drawbacks, PIB service is designed to register one prefix per
certificate.

Remote registration
In order for a laptop to receive Interests from the network, NFD RIB
service can be configured to register local prefixes onto a connected
gateway router.
When a local app registers a route in RIB, the RIB will send a registration
command to the gateway if it is authorized to do so.

The conflict
When reading #2201 note-12
<http://redmine.named-data.net/issues/2201#note-12>, I realize that same
issue can happen with PIB service.

In hierarchical trust model, the user must own a certificate for a certain
namespace in order to register a prefix under that namespace.
And then, this certificate is expected to be published in PIB service,
which means PIB service is going to register a prefix for this certificate.
The route registered by PIB service in turn triggers NFD RIB service to
perform remote prefix registration.

The result is: every prefix owned by the user will be registered onto the
gateway router, even if no other app is using those prefixes.

Is it good or bad?
Argument can go both ways on whether the result above is good or bad.

Good: The network may want to retrieve those certificates, so it's correct
to register those prefixes onto the gateway router.
Bad: Remote registration is designed to register prefixes on demand when an
app wants to publish. PIB service could be perceived as "not a real app".
If every prefix is registered, it's no longer "on demand".

Possible solution
If we want to avoid remote registration for PIB service routes, we could
add NO_REMOTE_REGISTRATION flag in rib/register command.


Yours, Junxiao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150430/d31766c2/attachment.html>