[Ndn-interest] [Question] What's the purpose of the NFD's default signing key?

Lan Wang (lanwang) lanwang at memphis.edu
Wed Feb 22 19:59:36 PST 2017


Lei,

Alex would be a better person to explain this.  My questions about your questions below:

On Feb 21, 2017, at 12:55 PM, Lei Pi <lpi at memphis.edu> wrote:

Hi,

While reading documents on redmine, I found myself confused with the "Using registerPrefix with NFD" part of article "Application Development Documentation / Guides"[1]. The original text of the article goes as follows:

>>> When you install NFD, it installs a default signing key on your system. For registerPrefix to create a signed command interest using this default signing key, your application needs to use the default KeyChain constructor and call setCommandSigningInfo so that the Face can sign the command interest created by registerPrefix

But when an application sends out a command interest, the recipient should check if the interest's signing key is finally signed by an administrator's signing key in order to reject unauthorized commands.


How do you know "the recipient should check if the interest's signing key is finally signed by an administrator's signing key in order to reject unauthorized commands."?  What checking is needed depends on the trust model.  What's the trust model here?

So what's the purpose of the NFD's default signing key? Why should the app use this key to initialize its identity? Note the NFD's default signing key is not signed by anyone [2].

The line you are referring to doesn't seem to be relevant to "the NFD's default signing key is not signed by anyone".

If it is also for defending against unauthorized command interests, then any local app, including possible malware, can also use this key to sign their interest by simply using the default keychain.

The assumption is that local apps are trusted if they are allowed to run.  There needs to be checking before they are launched.  The secure launcher part is not implemented (or designed) yet.

Lan

If not, what other purpose could it be?

[1] https://redmine.named-data.net/projects/application-development-documentation-guides/wiki/Using_Client_Libraries_with_NDNx_vs_NDNx-TLV_vs_NFD#Using-registerPrefix-with-NFD
[2] https://github.com/named-data/NFD/blob/master/tools/nfd-start.sh#L42

Thank you.
--
Regards,
Lei Pi
University of Memphis