[Ndn-interest] [Question] Where is the public key should be stored?

Pengyuan Zhou zpymyyn at gmail.com
Sun Apr 16 06:08:24 PDT 2017

Hi Jeff,

Thanks for your reply and those helpful paper.

Seems that NDN separate signature and encryption, putting encryption to application’s responsibility.

It makes sense, although I’m not sure if that’s a good idea. Seems more trust need to be given to applications, which is not very trustful ( since “security” is protecting us from those malicious applications).



> On 14 Apr 2017, at 21:05, Thompson, Jeff <jefft0 at remap.ucla.edu> wrote:
> Hi Pengyan,
> There are two categories of keys: Encryption keys (for example to encrypt data in a TLS session) and signing keys (for example to make an RSA signature which authenticates a packet). The NDN KeyLocator is used for the second category, to name a certificate which has the public key of the private key that make the packet’s signature. Packet signatures are part of the NDN protocol at the network layer. This paper describes one approach and has use case examples:
> https://named-data.net/wp-content/uploads/2015/06/ndn-0030-2-trust-schema.pdf <https://named-data.net/wp-content/uploads/2015/06/ndn-0030-2-trust-schema.pdf> 
> Encrypting data is handles at the application layer (and does not use the packet’s KeyLocator). This paper shows a way to distribute encryption keys for group-based access control:
> https://named-data.net/wp-content/uploads/2016/02/ndn-0034-2-nac.pdf <https://named-data.net/wp-content/uploads/2016/02/ndn-0034-2-nac.pdf> 
> Thanks,
> - Jeff T
> On 2017/4/14, 11:55:35, "Ndn-interest on behalf of Pengyuan Zhou" <ndn-interest-bounces at lists.cs.ucla.edu <mailto:ndn-interest-bounces at lists.cs.ucla.edu> on behalf of zpymyyn at gmail.com <mailto:zpymyyn at gmail.com>> wrote:
>> Hi all,
>> According to my understanding, the KeyLocator has the storage location of the key.
>> My question is where normally should the key be stored, especially for secure transmission?
>> Since NDN is not end-to-end, there might not be thing like "TLS handshake”, or is there?
>> If not, then how does NDN realise the agreement of "Master Secret and Session key” (or sth. similar)?
>> Seems to me that all the key info including the KeyLocator are predefined before transmission, is that realistic?
>> There might be understanding, please correct me if so.
>> Thanks.
>> Best,
>> Pengyuan Zhou
>> University of Helsinki
>> _______________________________________________
>> Ndn-interest mailing list
>> Ndn-interest at lists.cs.ucla.edu <mailto:Ndn-interest at lists.cs.ucla.edu>
>> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest <http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest>
> _______________________________________________
> Ndn-interest mailing list
> Ndn-interest at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20170416/717d2412/attachment.html>

More information about the Ndn-interest mailing list