[Ndn-interest] Adding HMAC to available NDN signature types

Junxiao Shi shijunxiao at email.arizona.edu
Tue Sep 23 08:47:32 PDT 2014

Dear folks

It appears to me that HMAC, as a signing algorithm that requires a
symmetric key, is suitable only for realtime applications with a small
number of mutually trusted participants.
The reasons are:

   - Participants must be mutually trusted, because any participant who
   wants to verify Data must know the symmetric key, and knowing the symmetric
   key allows a participant to sign Data as well.
   - Verifying old Data requires knowing the symmetric key. However, it's
   impossible to establish mutual trust when the participant who generated the
   Data is gone. Thus HMAC is suitable for realtime applications only, where
   all participants are still alive.

To use HMAC signing, we must first use existing pubkey signing methods to
establish mutual trust between participants, and negotiate a symmetric key.
This key should also be rotated periodically.
The mechanism for key management should be designed, in order for HMAC
signing to be useful.

Yours, Junxiao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20140923/d6556735/attachment.html>

More information about the Ndn-interest mailing list