[Nfd-dev] KEY in certificate names

Gusev, Peter peter at remap.ucla.edu
Wed Mar 30 13:51:15 PDT 2016


Junxiao,

Every data packet signed with my certificate has a KeyLocator.
Question: is a KeyLocator the name of a certificate (or public key)?
Does a consumer use the KeyLocator as-is to issue an Interest with the corresponding name?

Thanks,

--
Peter Gusev

peter at remap.ucla.edu
+1 213 5872748
peetonn_ (skype)

Software Engineer/Programmer Analyst @ REMAP UCLA

Video streaming/ICN networks/Creative Development

On Mar 30, 2016, at 1:40 PM, Junxiao Shi <shijunxiao at email.arizona.edu> wrote:

Hi Jeff

The KeyChain is organized in three levels: identity - key - certificate.
An identity name is user specified. An identity requested through the ndncert system is derived from your email address.
A key name is the identity name plus an arbitrary component, which usually starts with "ksk-" or "dsk-".
A certificate name is the key name with a "KEY" inserted somewhere before the last component, and appended with "ID-CERT". A certificate requested through the ndncert system has its "KEY" component inserted after the institution's site prefix but before the user's email username. A certificate signed through other means can have its "KEY" component appear elsewhere.

When #3568 turns off nfd-autoreg for the site prefix, as indicated in the "implication" of that issue, only those certificates requested through the ndncert system would be usable with automatic prefix propagation.
These certificates are published in a repository running on the gateway router. That repository has a prefix registration like /ndn/edu/arizona/KEY, so that it can receive Interests asking for the certificate of a user. The main reason for having the "KEY" component after the institution's site prefix is to enable such a repository to register this prefix and receive Interests for certificates but not other Interests.

Yours, Junxiao

On Mar 30, 2016, at 12:21 PM, Thompson, Jeff <jefft0 at remap.ucla.edu> wrote:

Hi Peter,

I’m looking at the list of test bed certificates:
http://ndncert.named-data.net/cert/list/html

It seems that everyone’s certificate name has KEY in a weird place. For example:
/ndn/edu/ucla/KEY/cs/haitao/ksk-1456165717090/ID-CERT/%FD%00%00%01S%0A%82B%B2
/ndn/edu/ucla/remap/KEY/peter/ksk-1457996583505/ID-CERT/%FD%00%00%01S%80H%FE%12

Have you talked with the NFD team about this? Will it cause a problem with automatic prefix propagation in NdnCon?

Thanks,
- Jeff T
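
The naming scheme described in Junxiao's reply, applied to the two certificate names Jeff lists, as an added example that is not part of the thread and not NFD or ndn-cxx code. It recovers the key name and identity from a certificate name and checks whether a repository registered at `/ndn/edu/arizona/KEY` would receive an Interest for it; the helper names, the constructed `someuser` name, and the choice to treat the first `KEY` component as the marker are assumptions of this example.

```python
KEY, ID_CERT = "KEY", "ID-CERT"

# The two certificate names quoted in the thread.
THREAD_CERTS = [
    "/ndn/edu/ucla/KEY/cs/haitao/ksk-1456165717090/ID-CERT/%FD%00%00%01S%0A%82B%B2",
    "/ndn/edu/ucla/remap/KEY/peter/ksk-1457996583505/ID-CERT/%FD%00%00%01S%80H%FE%12",
]
# Constructed name: KEY placed after the username instead of after the site prefix.
OTHER_CERT = "/ndn/edu/arizona/someuser/KEY/ksk-1/ID-CERT/%FD%01"

def split_name(uri):
    """Split an NDN name URI into components; percent-escapes are left untouched."""
    if not uri.startswith("/"):
        raise ValueError("not an NDN name URI: %r" % uri)
    return [c for c in uri.split("/") if c]

def to_uri(components):
    return "/" + "/".join(components)

def parse_cert_name(cert_uri):
    comps = split_name(cert_uri)
    if ID_CERT not in comps:
        raise ValueError("missing ID-CERT component")
    # Last ID-CERT ends the key part; what follows is kept as-is (assumed version).
    id_cert_at = len(comps) - 1 - comps[::-1].index(ID_CERT)
    key_part = comps[:id_cert_at]
    if KEY not in key_part:
        raise ValueError("missing KEY component")
    key_at = key_part.index(KEY)  # assumption: the first KEY is the marker
    # KEY must sit before the last component of the key name (the ksk-/dsk- id).
    if key_at >= len(key_part) - 1:
        raise ValueError("KEY must precede the key id component")
    key_name = key_part[:key_at] + key_part[key_at + 1:]
    return {
        "key_prefix": to_uri(key_part[:key_at + 1]),  # prefix a cert repo could register
        "key_name": to_uri(key_name),
        "identity": to_uri(key_name[:-1]),
        "version": comps[id_cert_at + 1:],
    }

def repo_receives(registered_prefix, interest_uri):
    """Component-wise prefix match against a registered prefix."""
    p, n = split_name(registered_prefix), split_name(interest_uri)
    return n[:len(p)] == p

if __name__ == "__main__":
    for cert in THREAD_CERTS + [OTHER_CERT]:
        info = parse_cert_name(cert)
        print(info["identity"], info["key_prefix"], repo_receives("/ndn/edu/arizona/KEY", cert))
```
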


