[Nfd-dev] Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today

Fri Jul 27 13:04:12 PDT 2018

Hi Junxiao,

Thank you for your clarification.
The reason why it got nack is because of the prefix registration:

In UCLA's server, I run the prefix registration tool and set the expiration
time to be 30 days. (I modified the tool based on your ndn6-tool)
However, what I saw is that the rib entry I created would disappear after
some time.

Any suggestion to fix this?

Best,
Zhiyi

On Fri, Jul 27, 2018 at 12:54 PM Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Hi Zhiyi
>
> I tested ndncert-client and it did not work.
>
> NFD is running on your device and your NFD has connected either NDN
>> testbed or the CA server. You can run the following commands in your
>> terminal to connect your NFD to the testbed
>>
>
> My node is already connected to testbed. The connectivity is established
> via NDN-FCH service. I confirmed that ndnping /ndn/edu/ucla works.
>
>
>> *1. Get NDNCERT command line tools:*
>>
>> Option B: install from NDN PPA (For Debian OSes)
>>
>>> sudo add-apt-repository ppa:named-data/ppa
>>> sudo apt-get update
>>> sudo apt-get ndncert
>>
>>
> This repository is for Ubuntu. It does not work for Debian.
> I'm using the Debian repository found at
> https://bintray.com/yoursunny/named-data . It has
> ndncert 0.0.2-2-g047386ef-ppa1 backported from Ubuntu PPA.
>
>
>>
>> *2. Bootstrapping by downloading the trust anchor certificate*
>>
>> Run the command in your terminal:
>>
>>> curl -o /usr/local/etc/ndncert/client.conf
>>> https://zhiyi-zhang.com/ucla-client.txt
>>
>>
> This command does not work for a Debian installation. It needs sudo and
> cannot have /usr/local:
> sudo curl -o /etc/ndncert/client.conf
> https://zhiyi-zhang.com/ucla-client.txt
>
>
>>
>> *3. Get your own certificate!*
>>
>> Run the command line tool:
>>
>>> ndncert-client
>>
>>
>> You are supposed to get prompt like this:
>>
>>> ***************************************
>>> Index: 0
>>> CA prefix:/ndn/edu/ucla/CA
>>> Introduction: UCLA Certificate Authority of NDN Testbed
>>> ***************************************
>>> Step 0: Please type in the CA namespace index that you want to apply
>>
>> Type in "0" to select the CA /ndn/edu/ucla/CA.
>>
>>
>> Then you will get the prompt:
>>
>>> Step 1: Please type in the identity name
>>
>> You can type in the name that you want to obtain, e.g., alice.
>>
>>
>> Then you will get the available challenges through which you can prove
>> your identity and get a certificate:
>>
>
> This step does not work:
> debian at beaglebone:~$ ndncert-client
> ***************************************
> Index: 0
> CA prefix:/ndn/edu/ucla/CA
> Introduction: UCLA Certificate Authority of NDN Testbed
> ***************************************
> Step 0: Please type in the CA namespace index that you want to apply
> 0
> Step 1: Please type in the identity name
> alice
> Error: Got Nack
>
> tcpdump (attached) indicates that two Interests were transmitted, but none
> got a reply.
>
>
>> Step 2: Please select one challenge from following types
>>> PIN
>>> Email
>>
>> For now, there are two challenges available: PIN and Email.
>>
>> Type in "Email" to select email challenge and then follow the prompt to
>> type in your email address. After that, you will get an email (if no, the
>> email is probably in your spam box or blocked by your email service
>> provider). Copy the PIN code from the email and paste it in the command
>> line tool.
>>
>> You will then get a certificate installed on your device.
>>
>>
>>
>
> Yours, Junxiao
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20180727/2f9ec322/attachment-0001.html>