[Ndn-interest] [Question] What's the purpose of the NFD's default signing key?

[Lei Pi]

Hi,

While
​reading
 documents on redmine, I found myself confused
​ with​
​
​
​
​
the "*Using registerPrefix with NFD*" part of article "*Application
Development Documentation / Guides*"[1].
​ ​
The original text of the article goes as follows:

>>> When you install NFD, it installs a default signing key on your system.
For registerPrefix to create a signed command interest using this default
signing key, your application needs to use the default KeyChain constructor
and call setCommandSigningInfo so that the Face can sign the command
interest created by registerPrefix

​But
​ ​
when an application sends out a command interest, the recipient
​should
 check if the interest's signing key is finally signed by an
​administrator's
 signing key in order to reject unauthorized commands
​.​


So what's the purpose of the NFD's default signing key? Why should the app
use this key
​ to initialize its identity​
? Note the NFD's default signing key is not signed by anyone
​[2].​

If it is also
​ for
 defend
​ing​
against unauthorized command interests, then any local app, including
possible malwares, can also use this key to sign their interest by simply
using the default keychain.
If not, what other purpose could it be?


​[1] https://redmine.named-data.net/projects/application-
development-documentation-guides/wiki/Using_Client_
Libraries_with_NDNx_vs_NDNx-TLV_vs_NFD#Using-registerPrefix-with-NFD
​[2] https://github.com/named-data/NFD/blob/master/tools/nfd-start.sh#L42 ​

​

Thank you. ​
-- 
Regards,
Lei
​Pi
University of Memphis​
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20170221/37572566/attachment-0001.html>