[Ndn-interest] Describe the HMAC algorithm in SignatureHmacWithSha256?

Thompson, Jeff jefft0 at remap.ucla.edu
Tue Jun 2 09:03:39 PDT 2015

Hi Gene,

As Tai-Lin suggests, the Name in a KeyLocator does not need to be a
globally fetchable name. Indeed it is part of the NDN design that names
can be non-global, and this is used often in NFD (e.g. /localhost command

So, could the Key ID be put in a (non-global) key Name in the KeyLocator?

- Jeff T

On 2015/6/1, 20:13, "GTS" <gts at ics.uci.EDU> wrote:

>FWIW, I think Marc is quite right about this issue. What should be used
>here is a Key ID, and not
>anything derived (e.g., a hash) of the actual key. Indeed, a key digest
>is only appropriate in
>public key settings. In the symmetric case (such as HMAC), using a key
>digest is not advisable.
>  ======================
>  Gene Tsudik
>  Chancellor's Professor of Computer Science
>  University of California, Irvine
>On 6/1/15 4:24 PM, Marc.Mosko at parc.com wrote:
>> ...
>> For symmetric key systems, like HMAC, I think it is also acceptable to
>>use an agreed upon integer identifier for the shared secret, as
>>determined by a key exchange protocol (e.g. an ISAKMP SPI).  I don¹t
>>think that symmetric key KeyDigests need to be derived from the key.
>>That¹s different than public key systems, where the the KeyDigest is
>>used like the Subject Key Identifier (RFC 5280 and derived from
>>the actual public key.
>> Marc
>Ndn-interest mailing list
>Ndn-interest at lists.cs.ucla.edu

More information about the Ndn-interest mailing list