[Nfd-dev] Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today

Junxiao Shi shijunxiao at email.arizona.edu
Tue Nov 5 11:17:06 PST 2019 

Hi Davide

Frame 6 was generated by a different program that does not rely on
ndn-cxx-0.6.6.
I just confirmed that the packet has the correct
ParametersSha256DigestComponent, with the following snippet:

// g++ -std=c++14 -o x x.cpp $(pkg-config --cflags --libs libndn-cxx)

#include <ndn-cxx/interest.hpp>
#include <ndn-cxx/encoding/block.hpp>
#include <ndn-cxx/util/string-helper.hpp>

#include <iostream>
#include <string>

std::string pkt =
"0571074208036e646e0803656475080475636c610806797566656e6708065f50524f42450220649503f51f30e5f9a3a76d6f1847bcce7208b64367a2459ac848ebfc91f47ed812000a046d1ddfd80c020f97241f7b22656d61696c223a22537573656e746572406461797265702e636f6d227d"
;

int main() {
  ndn::Block block(ndn::fromHex(pkt));
  ndn::Interest interest(block);
  bool ok = interest.isParametersDigestValid();
  std::cout << static_cast<int>(ok) << std::endl;
}


'pkt' was copied from Wireshark using "hex stream" mode. This snippet
prints "1", indicating the digest is valid.
Thus, I believe this is a problem in NDNCERT-CA deployment.

Yours, Junxiao

On Tue, Nov 5, 2019 at 12:50 AM Davide Pesavento <davidepesa at gmail.com>
wrote:

> Using ParametersSha256DigestComponent (and, by extension,
> ApplicationParameters) with ndn-cxx-0.6.6 or any earlier versions is a
> bad idea. You'd have to take care of the parameters digest manually,
> which I doubt ndncert is doing.
>
> Davide
>
> On Tue, Nov 5, 2019 at 12:32 AM Junxiao Shi
> <shijunxiao at email.arizona.edu> wrote:
> >
> > Hi Zhiyi
> >
> > It seems that the current deployment is not handling
> ParametersSha256DigestComponent correctly.
> >
> > In the attached packet sample, frame 1 is a PROBE Interest generated by
> ndncert-client from
> https://github.com/Zhiyi-Zhang/ndncert/tree/3b9a2501d60e90ec33845e021a500a9820bf9050
> .
> > The Interest is invalid under Packet Format 0.3, as it contains
> ApplicationParameters element but lacks ParametersSha256DigestComponent in
> the name.
> > Nevertheless, the CA responded to this Interest in frame 2.
> >
> > Frame 6 was generated by a different program. It carries the same JSON
> object, and have a ParametersSha256DigestComponent appended to the name.
> However, the CA is not responding to it.
> > Did I generate the packet wrong, or is it a problem with the deployment?
> >
> > Yours, Junxiao
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20191105/ef58c9c2/attachment.html>

More information about the Nfd-dev mailing list