[Ndn-interest] NLSR security settings
A K M Mahmudul Hoque (ahoque1)
ahoque1 at memphis.edu
Mon Aug 4 09:04:07 PDT 2014
________________________________________
From: Ndn-interest <ndn-interest-bounces at lists.cs.ucla.edu> on behalf of Salvatore Signorello <unict.signorello at gmail.com>
Sent: Monday, August 4, 2014 10:55 AM
To: ndn-interest at lists.cs.ucla.edu
Subject: [Ndn-interest] NLSR security settings
Hi all,
I'm not able to figure out why they've provided a different sequence of
commands into the security settings tutorial
"$NLSR_HOME/docs/SECURITY.md" between point 1 and points 2,3,4 into the
section "##Example". That is, in point 1 they use two commands to
generate a signed-certificate of the key:
$ndnsec-key-gen -n /ndn
$ndnsec-sign-req /ndn > root.cert
even if the same result can be obtained just using the first command
$ndnsec-key-gen -n /ndn > root.cert
---- Yes you are correct. We kept two steps here so that every key signing looks same
---- at least the number of steps. Thank you for your feedback
as they do after for the other keys in points 2,3,4.
I understand that they wanted to outline that in the first case the key
has been self-signed, but I would have used just one command putting
some more info into the filename, e.g.,
$ndnsec-key-gen -n /ndn > self-signed_root.cert
imho what could be misleading going through the tutorial is the fact
that thereafter in points 2-3-4 they use filenames with the prefix
"unsigned-" to name keys that are indeed signed.
---- Again you are correct. They are self signed. But Self signed certificate
---- will not serve the purpose of building hierarchy. Thank you for your
---- Nice comments. We will try to make the tutorial free from ambiguity
And what about the option of fetching a unsigned version of the key
using another ndnsec tool and passing that one to ndnsec-cert-gen, would
it feel better?
Please let me know if I've well understood or I've missed something
important,
best,
Salvo
_______________________________________________
Ndn-interest mailing list
Ndn-interest at lists.cs.ucla.edu
http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
More information about the Ndn-interest
mailing list