[Ndn-interest] running problems about nlsr

Junxiao Shi shijunxiao at email.arizona.edu
Mon Mar 2 08:07:01 PST 2015 

Hi Vince

If I set "any" trust anchor, do I still need to create the certificates?
Will the router create certificates automatically?
If certificates are created automatically but I later revert the trust
anchor setting, I'll need to delete those untrusted certificates, correct?

Yours, Junxiao
On Mar 2, 2015 9:03 AM, "Vince Lehman (vslehman)" <vslehman at memphis.edu>
wrote:

>  Hi Shuo,
>
>  If you would like to make sure that security is the issue, you can
> disable security by commenting out the below lines and changing the type to
> “any":
>
>   ...
>      trust-anchor
>      {
>        type any
>        ;file-name "root.cert"
>      }
>  ...
>
>  ;cert-to-publish "router.cert"  ; required, a file containing the router
> certificate.
>
>  It is important though that you leave the rest of the security section
> unmodified.
>
> --
>  Vince Lehman
>
>  On Mar 2, 2015, at 2:02 AM, Junxiao Shi <shijunxiao at email.arizona.edu>
> wrote:
>
>  Hi Shuo
>
> I don't know whether that's possible, but this is a bad idea in any
> production deployment.
>
> Yours, Junxiao
> On Mar 2, 2015 12:44 AM, "Shuo Chen" <chenatu2006 at gmail.com> wrote:
>
>> Can I temporarily turn off the security function by adding the config
>> below?
>>
>>  security
>> {
>>   validator
>>   {
>>     trust-anchor {
>>         type any
>>     }
>>   }
>> }
>>
>> On Mon, Mar 2, 2015 at 3:30 PM, Junxiao Shi <shijunxiao at email.arizona.edu
>> > wrote:
>>
>>> Hi Shuo
>>>
>>> Follow this manual to create certificates.
>>> http://named-data.net/doc/NLSR/current/SECURITY-CONFIG.html
>>>
>>> It's critical to get the certificate chain right. This thread has some
>>> command lines:
>>> http://www.lists.cs.ucla.edu/pipermail/nfd-dev/2014-November/000616.html
>>>
>>> Yours, Junxiao
>>>
>>> On Mar 2, 2015 12:24 AM, "Shuo Chen" <chenatu2006 at gmail.com> wrote:
>>> >
>>> > I did not create any certificates.
>>>
>>
>>   _______________________________________________
> Ndn-interest mailing list
> Ndn-interest at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
>
>
>
> _______________________________________________
> Ndn-interest mailing list
> Ndn-interest at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20150302/5bbeaab7/attachment.html>

More information about the Ndn-interest mailing list