[Nfd-dev] Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today

Tue Nov 5 11:20:05 PST 2019

Yes, I was talking about ndncert and the current test deployment that is
using ndn-cxx v0.6.6.

Davide

On Tue, Nov 5, 2019, 2:17 PM Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Hi Davide
>
> Frame 6 was generated by a different program that does not rely on
> ndn-cxx-0.6.6.
> I just confirmed that the packet has the correct
> ParametersSha256DigestComponent, with the following snippet:
>
> // g++ -std=c++14 -o x x.cpp $(pkg-config --cflags --libs libndn-cxx)
>
> #include <ndn-cxx/interest.hpp>
> #include <ndn-cxx/encoding/block.hpp>
> #include <ndn-cxx/util/string-helper.hpp>
>
> #include <iostream>
> #include <string>
>
> std::string pkt =
> "0571074208036e646e0803656475080475636c610806797566656e6708065f50524f42450220649503f51f30e5f9a3a76d6f1847bcce7208b64367a2459ac848ebfc91f47ed812000a046d1ddfd80c020f97241f7b22656d61696c223a22537573656e746572406461797265702e636f6d227d"
> ;
>
> int main() {
>   ndn::Block block(ndn::fromHex(pkt));
>   ndn::Interest interest(block);
>   bool ok = interest.isParametersDigestValid();
>   std::cout << static_cast<int>(ok) << std::endl;
> }
>
>
> 'pkt' was copied from Wireshark using "hex stream" mode. This snippet
> prints "1", indicating the digest is valid.
> Thus, I believe this is a problem in NDNCERT-CA deployment.
>
> Yours, Junxiao
>
> On Tue, Nov 5, 2019 at 12:50 AM Davide Pesavento <davidepesa at gmail.com>
> wrote:
>
>> Using ParametersSha256DigestComponent (and, by extension,
>> ApplicationParameters) with ndn-cxx-0.6.6 or any earlier versions is a
>> bad idea. You'd have to take care of the parameters digest manually,
>> which I doubt ndncert is doing.
>>
>> Davide
>>
>> On Tue, Nov 5, 2019 at 12:32 AM Junxiao Shi
>> <shijunxiao at email.arizona.edu> wrote:
>> >
>> > Hi Zhiyi
>> >
>> > It seems that the current deployment is not handling
>> ParametersSha256DigestComponent correctly.
>> >
>> > In the attached packet sample, frame 1 is a PROBE Interest generated by
>> ndncert-client from
>> https://github.com/Zhiyi-Zhang/ndncert/tree/3b9a2501d60e90ec33845e021a500a9820bf9050
>> .
>> > The Interest is invalid under Packet Format 0.3, as it contains
>> ApplicationParameters element but lacks ParametersSha256DigestComponent in
>> the name.
>> > Nevertheless, the CA responded to this Interest in frame 2.
>> >
>> > Frame 6 was generated by a different program. It carries the same JSON
>> object, and have a ParametersSha256DigestComponent appended to the name.
>> However, the CA is not responding to it.
>> > Did I generate the packet wrong, or is it a problem with the deployment?
>> >
>> > Yours, Junxiao
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20191105/85102d9f/attachment.html>