[Nfd-dev] Secure websocket support in NFD?

Burke, Jeff jburke at remap.UCLA.EDU
Fri Jan 23 12:40:20 PST 2015 

Motivation here is that to use native crypto support emerging in browsers in NDN-JS (with a significant performance gain) requires delivering ndn.js and other elements over TLS.
Jeff

From: Alex Afanasyev <alexander.afanasyev at ucla.edu<mailto:alexander.afanasyev at ucla.edu>>
Date: Fri, 23 Jan 2015 12:30:20 -0800
To: Wentao Shang <wentaoshang at gmail.com<mailto:wentaoshang at gmail.com>>
Cc: nfd-dev <nfd-dev at lists.cs.ucla.edu<mailto:nfd-dev at lists.cs.ucla.edu>>
Subject: Re: [Nfd-dev] Secure websocket support in NFD?

I think besides the basic support from the library, the actual problem with TLS is necessity to get actual CA-issued certificate and then configure it.
I would suggest not having such support (at least not in the near future).

Things can get relative simple if we integrated with Alex Halderman's https://letsencrypt.org/ here, but it still will only apply to NFD’s that has domain names (e.g., some gateway nodes).

—
Alex

On Jan 23, 2015, at 12:21 PM, Wentao Shang <wentaoshang at gmail.com<mailto:wentaoshang at gmail.com>> wrote:

Hi Jeff T,

The WebSocket library we are using in NFD is 'websocketpp'

http://www.zaphoyd.com/websocketpp

It supports WebSocket over TLS but we haven't added that to NFD yet. If there is consensus that this will be useful, we can add wss support in the next release of NFD (the only issue is to pick a port number for wss server).

Best,
Wentao

On Fri Jan 23 2015 at 10:53:50 AM Thompson, Jeff <jefft0 at remap.ucla.edu<mailto:jefft0 at remap.ucla.edu>> wrote:
Hello NFD team,

If a web page is served over https, and the JavaScript in the web page wants to make a WebSocket connection, then this connection must be over secure WebSocket over TLS (wss). This means that if a web page servered over https needs to communicate with an NFD host, then the WebSocket proxy in NFD needs to support secure WebSocket.

Does the WebSocket library used by NFD support secure TLS connections (wss)?

Thanks,
- Jeff T

_______________________________________________ Nfd-dev mailing list Nfd-dev at lists.cs.ucla.edu<mailto:Nfd-dev at lists.cs.ucla.edu> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150123/69718235/attachment.html>

More information about the Nfd-dev mailing list