[Ndn-interest] NLSR security settings

A K M Mahmudul Hoque (ahoque1) ahoque1 at memphis.edu
Mon Aug 4 09:04:07 PDT 2014 

________________________________________
From: Ndn-interest <ndn-interest-bounces at lists.cs.ucla.edu> on behalf of Salvatore Signorello <unict.signorello at gmail.com>
Sent: Monday, August 4, 2014 10:55 AM
To: ndn-interest at lists.cs.ucla.edu
Subject: [Ndn-interest] NLSR security settings

Hi all,

I'm not able to figure out why they've provided a different sequence of
commands into the security settings tutorial
"$NLSR_HOME/docs/SECURITY.md" between point 1 and points 2,3,4 into the
section "##Example". That is, in point 1 they use two commands to
generate a signed-certificate of the key:

$ndnsec-key-gen -n /ndn
$ndnsec-sign-req /ndn > root.cert

even if the same result can be obtained just using the first command

$ndnsec-key-gen -n /ndn > root.cert

---- Yes you are correct. We kept two steps here so that every key signing looks same
---- at least the number of steps. Thank you for your feedback

as they do after for the other keys in points 2,3,4.
I understand that they wanted to outline that in the first case the key
has been self-signed, but I would have used just one command putting
some more info into the filename, e.g.,

$ndnsec-key-gen -n /ndn > self-signed_root.cert

imho what could be misleading going through the tutorial is the fact
that thereafter in points 2-3-4 they use filenames with the prefix
"unsigned-" to name keys that are indeed signed.

---- Again you are correct. They are self signed. But Self signed certificate
---- will not serve the purpose of building hierarchy. Thank you for your
---- Nice comments. We will try to  make the tutorial free from ambiguity


And what about the option of fetching a unsigned version of the key
using another ndnsec tool and passing that one to ndnsec-cert-gen, would
it feel better?

Please let me know if I've well understood or I've missed something
important,
best,
Salvo



_______________________________________________
Ndn-interest mailing list
Ndn-interest at lists.cs.ucla.edu
http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest

More information about the Ndn-interest mailing list