[Ndn-interest] Signed interest
tailinchu at gmail.com
Sat Sep 20 11:19:52 PDT 2014
>Using seqNo requires you to persistently remember the last used seqNo (even if the app is turned off), otherwise you cannot guarantee that a seqNo has not been used before.
can we assume that once the underlying connection tears down, the
seqNo resets to 0? so after the app is turned off, you can safely
start from 0 again?
On Sat, Sep 20, 2014 at 11:07 AM, Yingdi Yu <yingdi at cs.ucla.edu> wrote:
> Changed the topic since it is no longer about the original topic of the
> On Sep 20, 2014, at 10:10 AM, Junxiao Shi <shijunxiao at email.arizona.edu>
> Hi Tai-Lin
> In signed Interest,
> - timestamp is to prevent replay attack: the timestamp in a new command must
>   be greater than any existing timestamps
> - nonce is to guarantee uniqueness; this is useful when producer is not
>   checking the timestamp
> Each consumer is expected to have its own unique keypair. Under this
> assumption, the system can tolerate a clock skew of 60 seconds between
> consumer and producer.
> Millisecond granularity is sufficient for the intended usage of signed
> Interest - infrequent command execution.
> Also note that the timestamp is never compared to wallclock after the
> initial command. Therefore, the consumer can operate as follows to send
> frequent commands:
> 1. the initial command must carry a timestamp equal to wallclock
> 2. in each subsequent command, increment timestamp by 1
> 3. in case a command is rejected due to invalid timestamp, it means latest
>    timestamp state is lost on the producer, therefore consumer should resend
>    the command as an initial command (step 1)
> This is similar to current KeyChain sign Interest operation. The difference
> is that we only increase the timestamp by 1 when the timestamp of an
> interest is the same as the previous one. In the other cases, we simply use
> the current timestamp. Unless there is an app that needs to generate more
> than 1000 signed interests using the same key, this solution should work.
> But this doesn't solve all problems with high-frequency signed Interests.
> See bug 1990.
> As I replied on redmine, if order really matters, the interest sender should
> wait for the confirmation from the interest recipient. And this should be
> enforced by the app.
> Yours, Junxiao
> On Sat, Sep 20, 2014 at 1:06 AM, Tai-Lin Chu <tailinchu at gmail.com> wrote:
>> > I hope you could read the spec of signed interest carefully and think a
>> > little bit more before making the claim above.
>> sorry, I was making an extreme example of unsynced clock (I know that
>> nfd uses unix UTC time).
>> Btw, do you know why we have both nonce and timestamp in signed
>> interest? Will seq no alone solve this problem? I am worried that msec
>> might not be sufficient in the future.
> Using seqNo requires you to persistently remember the last used seqNo (even
> if the app is turned off), otherwise you cannot guarantee that a seqNo has
> not been used before.
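
The timestamp scheme discussed in this thread, as an added Python example that is not part of the original messages and is not NFD or ndn-cxx code. The class and method names, the per-key dictionary, the absolute-difference skew check and the injected `now_ms` clock are assumptions made for illustration.

```python
# Added illustration; class and method names are hypothetical, not NFD or ndn-cxx API.
GRACE_MS = 60_000  # clock skew tolerated on an initial command (60 s, per the thread)

class Producer:
    """Validates command timestamps, keeping the last accepted one per signing key."""
    def __init__(self):
        self.last_seen = {}  # key name -> last accepted timestamp (ms)

    def accept(self, key, timestamp, now_ms):
        last = self.last_seen.get(key)
        if last is None:
            # Initial command for this key: the only comparison against wallclock.
            if abs(timestamp - now_ms) > GRACE_MS:
                return False
        elif timestamp <= last:
            # Not strictly greater than the recorded state: replay or reordering.
            return False
        self.last_seen[key] = timestamp
        return True

    def lose_state(self):
        """Models a producer restart that forgets every recorded timestamp."""
        self.last_seen.clear()

class Consumer:
    """Generates timestamps: wallclock for the initial command, then +1 each time."""
    def __init__(self, key):
        self.key = key
        self.last_sent = None

    def next_timestamp(self, now_ms, initial=False):
        if initial or self.last_sent is None:
            self.last_sent = now_ms
        else:
            self.last_sent += 1
        return self.last_sent

    def send(self, producer, now_ms):
        ts = self.next_timestamp(now_ms)
        if producer.accept(self.key, ts, now_ms):
            return ts
        # Rejected: producer state was lost, so resend as an initial command (step 1).
        ts = self.next_timestamp(now_ms, initial=True)
        return ts if producer.accept(self.key, ts, now_ms) else None
```

In this model a producer that has lost its state again accepts any timestamp inside the 60-second window, which is the same persistence concern raised above for seqNo.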