<div dir="ltr"><div>Dear folks</div><div><br></div><div>I wonder whether the testbed root certificate should be published over NDN?</div><div>Which node(s) are responsible for publishing this certificate?<br></div><div><br></div><div>Yours, Junxiao<br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <b class="gmail_sendername" dir="auto">Junxiao Shi</b> <span dir="auto"><<a href="mailto:shijunxiao@email.arizona.edu">shijunxiao@email.arizona.edu</a>></span><br>Date: Sat, May 2, 2020 at 11:30 AM<br>Subject: Re: NDN Testbed Root certificate not published<br>To: <<a href="mailto:operators@lists.named-data.net">operators@lists.named-data.net</a>> <<a href="mailto:operators@lists.named-data.net">operators@lists.named-data.net</a>><br></div><br><br><div dir="ltr"><div dir="ltr">
Hi NDNOPS<div><br></div><div>I notice that the "NDN Testbed <span>Root</span>" <span>certificate</span> cannot be retrieved over NDN.</div><div><br></div><div>From <a href="https://named-data.net/ndnsec/ndn-testbed-root-v2.ndncert.txt" target="_blank">https://named-data.net/ndnsec/ndn-testbed-root-v2.ndncert.txt</a> I can see:</div><div><div><span>Certificate</span> name: <font face="monospace, monospace">/ndn/KEY/e%9D%7F%A5%C5%81%10%7D/ndn/%FD%00%00%01%60qJQ%9B</font></div></div><div><br></div><div>However, I cannot retrieve the <span>certificate</span> over NDN.</div><div>To rule out potential connectivity problems, I'm running the commands on Arizona router.</div><div><br></div><div><div><font face="monospace, monospace">shijunxiao@hobo:~$ <font color="#0000ff">ndnpeek -V</font></font></div><div><font face="monospace, monospace">ndnpeek 0.7-1-g7d14815</font></div><div><font face="monospace, monospace">shijunxiao@hobo:~$ <font color="#0000ff">ndnpeek -P
<font face="monospace, monospace">/ndn/KEY/e%9D%7F%A5%C5%81%10%7D/ndn/%FD%00%00%01%60qJQ%9B</font>
</font></font></div><div><font face="monospace, monospace">shijunxiao@hobo:~$ <font color="#0000ff">echo $?</font></font></div><div><font face="monospace, monospace">3</font></div><br></div><div>The second command sets CanBePrefix flag with <span style="font-family:monospace,monospace">-P</span>. There's no response to this Interest.</div><div>ndnpeek exit code is 3. In ndnpeek 0.7, this means InterestLifetime has timed out.</div><br><div><br></div><div>Although <span>root</span> CA <span>certificate</span> retrieval is not a prerequisite of verifying packets, I still think the <span>root</span> <span>certificate</span> should be available over NDN.</div><div><br></div><div>Yours, Junxiao</div>
</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jul 8, 2016 at 10:38 AM Junxiao Shi <<a href="mailto:shijunxiao@email.arizona.edu" target="_blank">shijunxiao@email.arizona.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi NDNOPS<div><br></div><div>I notice that the "NDN Testbed Root" certificate cannot be retrieved over NDN.</div><div><br></div><div>From <a href="http://named-data.net/ndnsec/ndn-testbed-root.ndncert.txt" target="_blank">http://named-data.net/ndnsec/ndn-testbed-root.ndncert.txt</a> I can see:</div><div><div>Certificate name: <font face="monospace, monospace">/ndn/KEY/ksk-1397537228649/ID-CERT/%00%00%01Ec%B7%24%14</font></div></div><div><br></div><div>However, I cannot retrieve the certificate over NDN.</div><div>To rule out potential connectivity problems, I'm running the commands on Arizona router.</div><div><br></div><div><div><font face="monospace, monospace">shijunxiao@hobo:~$ <font color="#0000ff">ndnpeek -V</font></font></div><div><font face="monospace, monospace">ndnpeek 0.2</font></div><div><font face="monospace, monospace">shijunxiao@hobo:~$ <font color="#0000ff">ndnpeek -M 1 /ndn/KEY/ksk-1397537228649/ID-CERT/%00%00%01Ec%B7%24%14</font></font></div><div><font face="monospace, monospace">shijunxiao@hobo:~$ <font color="#0000ff">echo $?</font></font></div><div><font face="monospace, monospace">3</font></div><div><font face="monospace, monospace">shijunxiao@hobo:~$ <font color="#0000ff">ndnpeek /ndn/KEY/ksk-1397537228649/ID-CERT/%00%00%01Ec%B7%24%14 | ndn-dissect</font></font></div><div><font face="monospace, monospace">6 (Data) (size: 379)</font></div><div><font face="monospace, monospace"> 7 (Name) (size: 59)</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 3) [[ndn]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 3) [[KEY]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 17) [[ksk-1397537228649]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 7) [[ID-CERT]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 8) [[%00%00%01Ec%B7%24%14]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 9) [[%FD%00%00%01U%CA%E4%BE%D2]]</font></div><div><font face="monospace, monospace"> 20 (MetaInfo) (size: 7)</font></div><div><font face="monospace, monospace"> 25 (FreshnessPeriod) (size: 2) [[%0F%A0]]</font></div><div><font face="monospace, monospace"> 180 (APP_TAG_1) (size: 1) [[%02]]</font></div><div><font face="monospace, monospace"> 21 (Content) (size: 0) [[...]]</font></div><div><font face="monospace, monospace"> 22 (SignatureInfo) (size: 45)</font></div><div><font face="monospace, monospace"> 27 (SignatureType) (size: 1) [[%01]]</font></div><div><font face="monospace, monospace"> 28 (KeyLocator) (size: 40)</font></div><div><font face="monospace, monospace"> 7 (Name) (size: 38)</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 3) [[ndn]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 3) [[KEY]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 17) [[dsk-1417416866979]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 7) [[ID-CERT]]</font></div><div><font face="monospace, monospace"> 23 (SignatureValue) (size: 256) [[%0A%9A%7F%044.%FC%FE%BD%E37%F8%3F6K%05%E1%CB%A1%C9T%AE%F4%EC%9E%C9%BC%29%E6uI%9B%CA%7F%06%17%2CA%81%A2%F8%CC%CD%8Fu%D5%AD%E5%90%7E%40w%0B%19%B9%D8%F9%9B%5C%BB%22j%1E%20P%C2%BB%7F%8EE%E5%00%B8%E3Q%2F%E8c%27J%99ll%0B%3F%FE%82%F83%84XS%10k%BD%96%85%8F%96%5E%10s%FC%C5%DC%B6ql%98%9C%C8%FC4%F0%F7%FAarQ%20%06%FEz%13%88H%1D%ED%F6O%09%F4%1B%FEo-%3C6%EE%F5%1E%A2G%19%E4%D2%D9%84%C4%95je%13p%BF%E9%26%B8%60%81%D8%EE%EB%25%3B%F2%FF%CA%D1%06%A4%02%EFf%F5aw%B0%E6%DEQoO%A9%26%F0%0F%A0%C7M%E2%A3%DE2%CE%D2%D6%916%28P%A8%A5%E4%BE%07%98%A9%10%F4%AF%12%20%AB%A5%3B%7C%DF%A8%E9%FB%7F%00%00MD%C1%EC%85%17%95-%D3%EAp%A6F%230%97%8B%DB%E8%CB%EA%F5%EF%B9%B1%1Cz%07E%BB%FD%15]]</font></div></div><div><div><font face="monospace, monospace">shijunxiao@hobo:~$ <font color="#0000ff">curl -s <a href="http://named-data.net/ndnsec/ndn-testbed-root.ndncert" target="_blank">http://named-data.net/ndnsec/ndn-testbed-root.ndncert</a> | ndn-dissect</font></font></div><div><font face="monospace, monospace">6 (Data) (size: 725)</font></div><div><font face="monospace, monospace"> 7 (Name) (size: 48)</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 3) [[ndn]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 3) [[KEY]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 17) [[ksk-1397537228649]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 7) [[ID-CERT]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 8) [[%00%00%01Ec%B7%24%14]]</font></div><div><font face="monospace, monospace"> 20 (MetaInfo) (size: 3)</font></div><div><font face="monospace, monospace"> 24 (ContentType) (size: 1) [[%02]]</font></div><div><font face="monospace, monospace"> 21 (Content) (size: 359) [[0%82%01c0%22%18%0F20140414000000Z%18%0F20181231235959Z0%190%17%06%03U%04%29%13%10NDN%20Testbed%20Root0%82%01%200%0D%06%09%2A%86H%86%F7%0D%01%01%01%05%00%03%82%01%0D%000%82%01%08%02%82%01%01%00%BF%D7%A2r%0D%13%82%81%20.F%DC%06%9B%DE%E2f%CF%D9%DF%FF%89%D3E%AD%BF%B5%60%CF%9F%93h%B6%AB%3F%FA%1E%22%FF%11%7B.%EB%0Al%15%E4%BA%02%D1%8D%87%09%B0%ED%5B%21W%F9%F7%BFv%D5O%0B%A4%27%D0v%16%B1%05g%EB%DB%A38f%C6w%8Bg%15jpo%C59%DEe%05%98j%1B%20%F0%CD%20%03%E8%CC%15%B4%A4%A6%05a2%C0%1FU%1F%94%08%F8%5C%BC%F9%19%FF%DE%15%1E%83%AA%DC%D6%9E%DF%A4Q%5B%AE%29kD%0A%0A%E5%25%B8TU%AC%08Y%0F%DC%E3%F9%02G3%C7%DA%3AS%89L%B9%EC%B3%DB%E3%82%06%F91k%BFu%2F%1C%60G%D8%F6%8F%CE%A1Yim%E0%9B%0A%84%09v%11%9C%D0%D5%A1%12jS%C7%F5%19%1D%25%04%0C%A4U%EB%AE7%11%3Cz%DF%24-O%DFV%22%9E%3EUP%40%A3%18u%0F%3F%22%E1%E3%C1%8E%00l%0C%94%D6%EE%9D%F1%C6%B7%8E%C5%E5%BF%9D%D2%0A6%953%BF%F5%02%01%11]]</font></div><div><font face="monospace, monospace"> 22 (SignatureInfo) (size: 45)</font></div><div><font face="monospace, monospace"> 27 (SignatureType) (size: 1) [[%01]]</font></div><div><font face="monospace, monospace"> 28 (KeyLocator) (size: 40)</font></div><div><font face="monospace, monospace"> 7 (Name) (size: 38)</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 3) [[ndn]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 3) [[KEY]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 17) [[ksk-1397537228649]]</font></div><div><font face="monospace, monospace"> 8 (NameComponent) (size: 7) [[ID-CERT]]</font></div><div><font face="monospace, monospace"> 23 (SignatureValue) (size: 256) [[%21%C8%F5%23H%ED%E5%0A%DDW%0Dd%80%B18%B0%EC%CE9%E1%09rP%85%D6%BD.V%A8%85%C6%13%DC%C9%80%831%B7C%8By%CE%A8%EA%B89-%9C%87%FA%18z1%2A%0A%F4%8BT%BD%00%D5%03%F1W%C9%07S%7C%A6%40%B2%11%A1%C7%B7%A3%12b%B0S%9C%82%B7s%D7%7E%9A%DF%C1%06p%B8%89%A3%90Z6B%98+%C0%DF%DCN%85%C6%92%21%0EC%FE%EB%E6%A5%C2H%01%1A%82b%16%88%B9%DCy%F8%B1%7D%3A%29+%B9%86%5B%E0%03B%BC%AF%0A%1BSz%25%DA%C1k%AA%D3%13%C2%E3%9C%26%C39%28%13%216pk%84n%07rB%81%D3%07H%BF%EF%99%C9Vd%0Es%A8%89n%00%1F%C6%B7K%20.w%92%B2%9E%E5%04W%F0%7DF%0D%FEH%ACB%E6%C0.%E4%29%AD%1BoN%91%27%E8K%2Ca%0Ako%3A%20%E1%DE%00%90%05%B1%0B%B7%C2z%13%85%60E%BD%40%DE%82%DE5%CC%5Etk%0C%E0%A2%C1%CB%AD%94C]]</font></div></div><div><br></div><div>The second command sets MaxSuffixComponents to 1 with <span style="font-family:monospace,monospace">-M 1</span>. This allows the implicit digest. There's no response to this Interest.</div><div>ndnpeek exit code is 3. In ndnpeek 0.2, this means InterestLifetime has timed out.</div><div><br></div><div>The fourth command expresses the Interest without Selectors. There is a response Data to this Interest, but it is not a valid certificate because it lacks MetaInfo/ContentType field.</div><div><br></div><div>The fifth command shows the certificate retrieved over HTTP, as a comparison.</div><div><br></div><div><br></div><div><br></div><div>Although root CA certificate retrieval is not a prerequisite of verifying packets, I still think the root certificate should be available over NDN.</div><div><br></div><div>Yours, Junxiao</div></div>
</blockquote></div></div>
</div></div></div>