[Nfd-dev] Signed Interest processing: alternate to stop-and-wait

Burke, Jeff jburke at remap.UCLA.EDU
Tue Feb 24 23:10:34 PST 2015




On Feb 23, 2015, at 10:15 AM, Burke, Jeff <jburke at remap.ucla.edu> wrote:


As part of early lighting control work, we had already proposed an authenticated interest approach that includes sequence #, timestamp, and RTT estimator as state to avoid replay attacks:
http://named-data.net/publications/nomen13/<http://named-data.net/wp-content/uploads/nomen13.pdf>
(see p4).

(I am not sure why SignedInterest doesn't provide at least an optional sequence number....  Can the ndn-cxx/architecture folks comment on why this was removed from the design?)

I think, ideally, signed interest should be just “signed” interest, that is, it does not add any semantics other than signature info and signature value. The sequencing, timestamp, and nonce are not related to the signature; they are attributes of the command. In an early version of ndn-cxx, there was a command interest, which is a signed interest but with more information about timestamp and nonce. And at that time, the command interest was designed for local NFD control where interests are rarely out-of-order, so sequencing was not added into the command interest. The original idea was that one can always develop a helper for a specific command interest based on signed interest by introducing any necessary command attribute. But why command interest was later merged into signed interest is another story…


This explanation helps...  You might consider incorporating this into the documentation – it is presented more generally here, for example: http://redmine.named-data.net/projects/nfd/wiki/Command_Interests

Jeff

