[Ndn-interest] Adding HMAC to available NDN signature types
gts at ics.uci.EDU
Tue Sep 23 08:28:20 PDT 2014
I would suggest *not* to use the (single or double) hash of the key itself
as the key-id.
One simple (and reasonably secure) way of computing key-id is as
where "string" is drawn from a set of non-secret session values, e.g.,
endpoint names/addresses, etc.
On Tue, Sep 23, 2014 at 3:12 AM, <Marc.Mosko at parc.com> wrote:
> One could always just double hash the key to get the keyid for hmac.
> Personally, I would think that in general hmac keys need to be agreed on
> by a key exchange protocol so they are rotated periodically. However that
> agreement protocol identifies keys could also be used as the keyid, such as
> a small integer.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ndn-interest