[Ndn-interest] Adding HMAC to available NDN signature types

Gene Tsudik gts at ics.uci.EDU
Tue Sep 23 08:28:20 PDT 2014


I would suggest *not* to use the (single or double) hash of the key itself
as the key-id.
One simple (and reasonably secure) way of computing key-id is as
HMAC(key,string)
where "string" is drawn from a set of non-secret session values, e.g.,
timestamp, seq#, endpoint names/addresses, etc.

Cheers,
Gene



On Tue, Sep 23, 2014 at 3:12 AM, <Marc.Mosko at parc.com> wrote:

> One could always just double hash the key to get the keyid for hmac.
>
> Personally, I would think that in general hmac keys need to be agreed on
> by a key exchange protocol so they are rotated periodically.  However that
> agreement protocol identifies keys could also be used as the keyid, such as
> a small integer.
>
> Marc
>
>
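
The key-id computation suggested in this message, HMAC(key, string) over non-secret session values, set beside the double-hash alternative from the quoted reply. This is an added example, not code from either author or from the NDN project; SHA-256, the length-prefixed field encoding, the function names and all sample keys and session values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def encode_context(*fields: bytes) -> bytes:
    """Build "string" from non-secret session values.

    Each field is length-prefixed (assumed encoding) so that
    ("ab", "c") and ("a", "bc") cannot produce the same input.
    """
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def hmac_key_id(key: bytes, context: bytes) -> bytes:
    """key-id = HMAC(key, string); SHA-256 is an assumed hash choice."""
    return hmac.new(key, context, hashlib.sha256).digest()


def double_hash_key_id(key: bytes) -> bytes:
    """Alternative from the quoted reply: hash of the hash of the key."""
    return hashlib.sha256(hashlib.sha256(key).digest()).digest()


def find_key(key_id: bytes, context: bytes, candidates: dict):
    """Receiver side: recompute the key-id for each shared key it holds
    and return the label of the one that matches, or None."""
    for label, key in candidates.items():
        if hmac.compare_digest(hmac_key_id(key, context), key_id):
            return label
    return None


# Constructed sample keys and session values (timestamp, seq#, endpoint names).
KEYS = {"k1": bytes(range(32)), "k2": bytes(range(32, 64))}
CTX_A = encode_context(b"2014-09-23T08:28:20", b"seq=1", b"/ndn/a", b"/ndn/b")
CTX_B = encode_context(b"2014-09-23T08:28:21", b"seq=2", b"/ndn/a", b"/ndn/b")

if __name__ == "__main__":
    id_a = hmac_key_id(KEYS["k1"], CTX_A)
    id_b = hmac_key_id(KEYS["k1"], CTX_B)
    print("HMAC key-id, session A:", id_a.hex()[:16])
    print("HMAC key-id, session B:", id_b.hex()[:16])  # differs per session
    print("double-hash key-id    :", double_hash_key_id(KEYS["k1"]).hex()[:16])
    print("receiver resolves A to:", find_key(id_a, CTX_A, KEYS))
```

The HMAC-based key-id changes whenever the session values change, while the double-hash key-id is one fixed value for the lifetime of the key.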