[Nfd-dev] NFD Android

Alex Afanasyev aa at cs.fiu.edu
Tue Aug 8 14:29:52 PDT 2017 

> On Jul 23, 2017, at 4:03 PM, Junxiao Shi <shijunxiao at email.arizona.edu> wrote:
> 
> Hi Alex
> 
> As I understand:
> The certificate obtained from ndncert system is held in NFD's KeyChain.
> App can choose to request a sub-certificate of the certificate in (1) via identity manager API.
> Is the above understanding accurate?

1. Yes, but I rephrase it a bit.  A certificate that is obtained from the outside the phone authority using ndncert protocol can be managed by the KeyChain that belong to NFD Android.  It is not a requirement, rather a convenience option.  Applications may obtain and manage certificates directly from an outside authority if they want so.

2. Yes.  This API can be a version of ndncert protocol (for Android specifically, it can be based on Intents instead of direct interest/data exchanges).

At the same time, for the basic usage, what you mention are correct.  Just those are not the set in stone ways of managing trust on devices.

> 
> I wonder:
> Which package is responsible for publishing the sub-certificate in (2)? NFD-Android or the app?
Could be both.

> What's the user experience of app requesting a sub-certificate through identity manager API? Does it involve user confirmation, or is it fully automated?
It has to involve user confirmation, at least for the initial certificate request.  Zhiyi has implemented a version for similar operations in the command line version of ndncert daemon/client and we need to realize it in Android environment.  This can be as simple as "approve"/"reject" or require entering a PIN code.

-
Alex

> Yours, Junxiao
> 
> On Wed, Jul 19, 2017 at 4:53 AM, Alex Afanasyev <aa at cs.fiu.edu <mailto:aa at cs.fiu.edu>> wrote:
> > How do Android apps communicate with NFD in the NDN app? I suppose apps on Android are sandboxed similarly to iOS (is this wrong?) and not sure how my app would create a unix socket connection with NFD. Likewise, how the app would access the keychain? (disclaimer: my app uses NDN-CPP)
> 
> App to NFD via localhost TCP socket.
> 
> NFD's and Apps Keychain not shared (and should not).  The identity manager that (will be) built into NFD android will be responsible for maintaining "user" specific identities, apps can either maintain completely independent identities or derived from user ones via the identity manager API.
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20170808/83ffa543/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20170808/83ffa543/attachment.sig>

More information about the Nfd-dev mailing list