[Nfd-dev] PIB service causes remote registration of every prefix

Junxiao Shi shijunxiao at email.arizona.edu
Wed May 6 15:26:55 PDT 2015 

Dear folks

20150506 conference call discussed this problem.
We conclude that it's acceptable to remote register prefixes for all
certificates, because certificates should be made available on the networks
so that others can verify previously generated Data that references those
certificates.
No design change is needed.

Yours, Junxiao

On Thu, Apr 30, 2015 at 12:19 PM, Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Dear folks
> This message alerts a potential conflict between PIB service and remote
> registration.
>
> PIB service
> PIB service publishes one or more certificates owned by a laptop user, by
> answering Interests that requesting for those certificate.
> In order to receive those Interests, PIB service needs to register
> prefixes on laptop NFD.
> PIB service may either (1) register the root prefix "ndn:/", or (2)
> register one prefix per certificate.
>
> The advantage of registering the root prefix is that PIB service only
> needs one entry in NFD RIB and FIB.
> The drawback is (a) PIB service will receive many unrelated Interests (b)
> route inheritance flags 'CAPTURE' used by another app would prevent PIB
> service from receive Interests for some certificate.
>
> Due to those drawbacks, PIB service is designed to register one prefix per
> certificate.
>
> Remote registration
> In order for a laptop to receive Interests from the network, NFD RIB
> service can be configured to register local prefixes onto a connected
> gateway router.
> When a local app registers a route in RIB, the RIB will send a
> registration command to the gateway if it is authorized to do so.
>
> The conflict
> When reading #2201 note-12
> <http://redmine.named-data.net/issues/2201#note-12>, I realize that same
> issue can happen with PIB service.
>
> In hierarchical trust model, the user must own a certificate for a certain
> namespace in order to register a prefix under that namespace.
> And then, this certificate is expected to be published in PIB service,
> which means PIB service is going to register a prefix for this certificate.
> The route registered by PIB service in turn triggers NFD RIB service to
> perform remote prefix registration.
>
> The result is: every prefix owned by the user will be registered onto the
> gateway router, even if no other app is using those prefixes.
>
> Is it good or bad?
> Argument can go both ways on whether the result above is good or bad.
>
> Good: The network may want to retrieve those certificates, so it's correct
> to register those prefixes onto the gateway router.
> Bad: Remote registration is designed to register prefixes on demand when
> an app wants to publish. PIB service could be perceived as "not a real
> app". If every prefix is registered, it's no longer "on demand".
>
> Possible solution
> If we want to avoid remote registration for PIB service routes, we could
> add NO_REMOTE_REGISTRATION flag in rib/register command.
>
>
> Yours, Junxiao
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150506/6e41e635/attachment.html>

More information about the Nfd-dev mailing list