[Nfd-dev] delegate prefix registration

Junxiao Shi shijunxiao at email.arizona.edu
Tue Jul 19 12:16:50 PDT 2016 

Hi Jeff

The blog post promised below has been posted:
Issue Your Own NDN Certificates
https://yoursunny.com/t/2016/ndncert/

Yours, Junxiao

On Wed, Jun 15, 2016 at 4:38 AM, Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Hi Jeff
>
> As indicated in #3568 <http://redmine.named-data.net/issues/3568> issue
> description, ndncert certificates will be required until #2766
> <http://redmine.named-data.net/issues/2766> and related functions are
> available.
> #2766 itself is blocked by KeyChain refactoring, so it's unlikely to be
> available in next 6 months.
>
> For now, you have to request a user certificate for each and every
> machine. You could use subaddressing (see RFC5233
> <https://tools.ietf.org/html/rfc5233>) to request certificates for each
> machine, such as peter+freeculture at remap.ucla.edu
> peter+confbridge at remap.ucla.edu , instead of creating whole new mailboxes.
> Note that although you can request multiple user certificates with the
> same email address ( peter at remap.ucla.edu ) or copy the same user
> certificate onto multiple machines, doing so would cause those machines to
> register the same prefix on the router and rely on strategy to determine
> the correct route, which can worsen forwarding performance.
>
> I do have a method to create delegated certificates like what Peter is
> trying to do, using only supported software.
> The basic idea is to publish certificates on an always-on server, so that
> testbed router can retrieve it.
> I'll write a blog post about this soon.
>
> Yours, Junxiao
>
> On Wed, Jun 15, 2016 at 3:34 AM, Burke, Jeff <jburke at remap.ucla.edu>
> wrote:
>
>> How / when are we going to be able to delegate in this way?
>> We have many machines that are not directly associated with a user cert.
>>
>> Jeff
>>
>>
>>
>> *From: *Nfd-dev <nfd-dev-bounces at lists.cs.ucla.edu> on behalf of Junxiao
>> Shi <shijunxiao at email.arizona.edu>
>> *Date: *Monday, June 13, 2016 at 9:53 PM
>> *To: *"Gusev, Peter" <peter at remap.ucla.edu>
>> *Cc: *"<nfd-dev at lists.cs.ucla.edu>" <nfd-dev at lists.cs.ucla.edu>
>> *Subject: *Re: [Nfd-dev] [ndn] NDN Seminar: Practical Congestion Control
>> for NDN
>>
>>
>>
>> These sequence are incorrect. You cannot use any certificate other than
>> the one directly requested from ndncert.
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20160719/e5a59491/attachment.html>

More information about the Nfd-dev mailing list