[Nfd-dev] LINK spec discussion

Burke, Jeff jburke at remap.ucla.edu
Sun Sep 14 15:37:47 PDT 2014 

Hi,

Maybe I am coming into the middle of another discussion, but I still have
yet to understand the status (and the choice of name) for NDNS.

Is this new component now a "given" in the architecture?  Or, is it an
example of where LINKs may come from?

Junxiao uses the phrase "perform a NDNS lookup for /ndnsim" - is this
different than just issuing an Interest for "/ndnsim"?

Jeff

On 9/12/14, 4:40 PM, "Alex Afanasyev" <alexander.afanasyev at ucla.edu> wrote:

>Hi!
>
>I want continue our discussion about LINK specification
>(named-data.net/downloads/memos/link.pdf).
>
>Currently we preliminary defined three elements:
>
>a) link for redirection:
>   
>    signA("nameA", content: "nameB")
>
>b) link for delegation
>
>    signA("nameA", content: signB("nameB", content: "prefixOfNameA"))
>
>c) "link" for encapsulation
>
>    sha256("nameB" | "nameA", content: ("delegation or redirection link",
>data("nameA"))
>
>
>The option (b) is the latest addition and I have some reservations about
>it.  In particular, what exactly this delegation achieves?  What security
>problem we are solving with it.
>
>Let me give some example of (b).  I own a "non-routable" namespace
>/ndnsim and my site is connected to /att and /ucla networks.  So, the (b)
>option would require:
>
>- I will have to obtain a "redirection" links from /att and /ucla to
>/ndnsim (option (a)) = get a permission from /att and /ucla to host
>/ndnsim site
>
>- Then I will create a delegation packet(s) that I can put in NDNS to
>tell others that my site is currently available through /att and /ucla.
>
>The process looks ok, but the question I have is what significance is in
>the first permission.  What is the point of me of requesting permission
>from my provider to host a website?  What I would gain and what provider
>itself would gain?
>
>I personally, do not yet see a clear benefit from this process, only that
>it would complicate the delegation process.  Only me is able to tell
>others that my site is available at different places, so there is no
>question about others claiming that my site is available somewhere else.
> If I mistakenly put a wrong link, then I myself will be at loss: i
>wouldn't be able to serve my content and somebody else would receive my
>interests and could reply to them with some junk.
>
>If I "maliciously" put somebody else's network as a link, then interests
>for my data would go there.  But what is the harm?  If nobody replies to
>them, then routers can start ignoring/pushing back such interests.  If
>somebody replying, then somebody serves data and from the network point
>of view nothing bad is happening.
>
>
>In short, I want us have a deep discussion on what exactly we are
>protecting and from whom.  For me, even with only one signature (option
>a), only the owner of the original namespace (/ndnsim) is able to create
>a legitimate link to somewhere else.   Additional signature could protect
>"provider" (destination of the link), but is it really a problem?
>Anybody could send any number of interests to that provider even without
>any link (erroneous or malicious).
>
>
>---
>Alex
>
>
>
>_______________________________________________
>Nfd-dev mailing list
>Nfd-dev at lists.cs.ucla.edu
>http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev

More information about the Nfd-dev mailing list