[Ndn-lib] ndn-cxx: extract identity from signed Interest

Junxiao Shi shijunxiao at email.arizona.edu
Sat Feb 28 23:56:02 PST 2015


Hi Alex

Further question:
Is "KEY", "ksk-", "dsk-" in certificate Names part of protocol, or are they
specific to the hierarchical trust model?
Can one create a valid certificate without having "KEY" and ("ksk-" or
"dsk-") in the Name? How is a certificate distinguished from a regular Data
packet?

Yours, Junxiao

On Fri, Feb 27, 2015 at 7:17 PM, Alex Afanasyev <
alexander.afanasyev at ucla.edu> wrote:

>
> On Feb 27, 2015, at 5:22 PM, Junxiao Shi <shijunxiao at email.arizona.edu>
> wrote:
>
> Hi Alex
>
> Is ndn-cxx designed to support multiple trust models, or just the
> hierarchy trust model?
>
> ValidatorConf is designed to support multiple trust models.
>
> If it's meant to support multiple trust models, why does ndn-cxx has the
> concept of identity?
>
> My personal view is that it is defined to organize hierarchy of local
> certificates (group by key and identity).  Just convenience, not a
> requirement.
>
>> Alex
>
> Yours, Junxiao
>
> On Feb 27, 2015 4:55 PM, "Alex Afanasyev" <alexander.afanasyev at ucla.edu>
> wrote:
> > Trust model should be defined.  How it is a different question.  In my
> opinion, the only way to define it is in terms of names (data names vs.
> certificate names).  Other elements such as “identity” can be introduced,
> but it is specific to a particular trust model.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-lib/attachments/20150301/c5b475a3/attachment.html>


More information about the Ndn-lib mailing list