[Nfd-dev] Question about doing remote prefix registration using Android app

Junxiao Shi shijunxiao at email.arizona.edu
Thu Aug 10 15:19:32 PDT 2017 

Hi Haitao

"authorization rejected" can be caused by many reasons. The router cannot
tell you the exact cause due to security reason. The router should write
the cause into its logs but that is not yet implemented.

Given you have tried an equivalent certificate with NFD-RIB, I assume
certificate issuance and trust schema configuration have no problem. You
can look at the following possible causes:

   - Is the Java code creating well-formed command Interests? Is the
   KeyLocator correct?
   - Can the router retrieve your certificate?
   - Is the Java code creating valid signatures?
   - Is the clock skew between router and end host too great?
   NFD-RIB is very sensitive to clock skew and would reject if the time
   difference is more than 3 seconds. It's also not configurable, but v2
   relaxed this to 60 seconds.

If you have access to the router, setting "Forwarder DEBUG" loglevel can
help you debug.

Yours, Junxiao

On Thu, Aug 10, 2017 at 1:02 PM, Haitao Zhang <zhtaoxiang at gmail.com> wrote:

>
> My NDNFit Android app needs to do remote prefix registration on the
> testbed, so Interests can be forwarded to the Android device, then the
> NDNFit Android app.
>
> (2) Create an interest /localhop/nfd/rib/register/<control parameter
> including the prefix I want to register>, sign it using
> /org/openmhealth/KEY/uLsLn5csbB/ksk-1502352233531/ID-CERT/%
> FD%00%00%01%5D%CB+%E5S
> which is further signed by
> NDNFit trust anchor /org/openmhealth/KEY/ksk-1490231565751/ID-CERT/%FD%00%
> 00%01Z%F8%B9%1Et
>
> (4) I got an data packet containing a message "authorization rejected".
>
> Best,
> -Haitao
>
>

> *To verify that the configuration works, John requested a key from NDNFit
> cert management website http://128.97.98.8:5001/
> <http://128.97.98.8:5001/> (it is ported from ndncert website and works the
> same way as ndncert website) and did the following (quote his email here):*
> ... I was able to register a prefix and have it propagate on the Testbed
> with readvertise.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20170810/cac7ff3f/attachment.html>

More information about the Nfd-dev mailing list