<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Hi Peter</div><div class=""><br class=""></div><div class="">This question does not belong to nfd-dev, because it relates to trust model design and not NFD.</div><div class="">I will forward the message to another mailing list and CC you.</div><div class=""><br class=""></div><div class="">NFD’s automatic prefix propagation feature will use the shortest identity available in the KeyChain, which is /ndn/edu/ucla/remap/mrfoo in your example.</div><div class="">Longer, application generated identities do not affect NFD operations.</div><div class=""><br class=""></div><div class="">Yours, Junxiao</div><br class=""><div><blockquote type="cite" class=""><div class="">On Mar 30, 2016, at 2:14 PM, Gusev, Peter <<a href="mailto:peter@remap.ucla.edu" class="">peter@remap.ucla.edu</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">

<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Thanks! This clarifies a bit…<br class="">
<br class="">
I think it’s a good time to ask about the “canonical” way applications should behave in terms of generating certificates/identities.<br class="">
<br class="">
Here’s how I see it now (with the example of user “mrfoo” from remap institution):<br class="">
<br class="">
<b class="">• User gets testbed certificate (which reflects her identity - can I say that?):</b><br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>–/ndn/edu/ucla/remap/mrfoo<br class="">
<div class=""><b class="">• his public key is:</b><br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>–/ndn/edu/ucla/remap/mrfoo/ksk-12345…
<div class=""><br class="">
</div>
<div class=""><b class="">• user launches app for the first time and (</b><b class="">based on user’s identity</b><b class="">) it generates “app identity” for signing instance certificates:</b></div>
<div class=""><span class="Apple-tab-span" style="white-space:pre"></span>–/ndn/edu/ucla/remap/mrfoo/ndncon<br class="">
<b class="">• app’s public key and certificate:</b><br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>–/ndn/edu/ucla/remap/mrfoo/ndncon/ksk-<timestamp></div>
<div class=""><span class="Apple-tab-span" style="white-space:pre"></span>–/ndn/edu/ucla/remap/mrfoo/ndncon/KEY/ksk-<timestamp>/ID-CERT</div>
<div class=""><br class="">
<b class="">• app uses app certificate to create an “instance identity”:</b><br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>–/ndn/edu/ucla/remap/mrfoo/ndncon/instance<timestamp><br class="">
<b class="">• app instance public key and cert:</b><br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>–/ndn/edu/ucla/remap/mrfoo/ndncon/instance<timestamp>/dsk-<timestamp></div>
<div class=""><span class="Apple-tab-span" style="white-space: pre;"></span>–/ndn/edu/ucla/remap/mrfoo/ndncon/instance<timestamp>/KEY/dsk-<timestamp>/ID-CERT</div>
<div class=""><br class="">
<b class="">• app instance registers prefix and serves data under this prefix:</b><br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>–/ndn/edu/ucla/remap/mrfoo/ndncon/instance<timestamp></div>
<div class=""><br class="">
<b class="">• app’s data packets are signed with instance certificate and keylocator is:</b><br class="">
<span class="Apple-tab-span" style="white-space: pre;"></span>–/ndn/edu/ucla/remap/mrfoo/ndncon/instance<timestamp>/KEY/dsk-<timestamp>/ID-CERT<br class="">
<b class=""><br class="">
</b></div>
<div class=""><b class="">• app adds instance certificate to its memory content cache so that it can answer incoming interests with keylocator name </b><br class="">
<br class="">
Looking forward to your feedback. <br class="">
<br class="">
<div class="">Thanks, <br class="">
<br class="">
-- <br class="">
Peter Gusev<br class=""></div>
</div>
</div>
</div>

</div></blockquote></div><br class=""></body></html>