[Nfd-dev] Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today

Zhiyi Zhang zhiyi at cs.ucla.edu
Tue Nov 5 13:45:01 PST 2019 

Sorry for the late reply.

>
> I'm trying to deploy a CA but the instructions do not work.
> Software version is
> https://github.com/Zhiyi-Zhang/ndncert/tree/3b9a2501d60e90ec33845e021a500a9820bf9050 with
> ndn-cxx 0.6.6.
> The config file is written exactly as given in the instructions
> <https://github.com/named-data/ndncert/wiki/NDNCERT-CA-Instructions#setup-ndn-testbed-ca>
> .


sunny at sunny5:~/code/ndncert$ ndnsec-ls-identity
> * /example
> sunny at sunny5:~/code/ndncert$ cat ~/ndn.ca.conf
> {
>   "ca-list":
>   [
>     {
>         "ca-prefix": "/example",
>         "issuing-freshness": "720",
>         "validity-period": "360",
>         "ca-info": "My Personal CA",
>         "supported-challenges":
>         [
>             { "type": "PIN" }
>         ]
>     }
>   ]
> }
> sunny at sunny5:~/code/ndncert$ LD_LIBRARY_PATH=build
> build/bin/ndncert-ca-server -c ~/ndn.ca.conf
> terminate called after throwing an instance of
> 'boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<boost::property_tree::ptree_bad_path>
> >'
>   what():  No such node (ca-prefix)
> Aborted (core dumped)


Sorry, I should have updated the documentation earlier.
The config should be like:
{
        "ca-prefix": "/example",
        "issuing-freshness": "720",
        "validity-period": "360",
        "ca-info": "My Personal CA",
        "supported-challenges":
        [
            { "type": "PIN" }
        ]
}
We simplified the function of ndncert-ca-server.
Now if a node want to become the CA for multiple prefixes, multiple
ndncert-ca-server should be started using different config files.
I will update the documentation now.


On Mon, Nov 4, 2019 at 8:28 PM Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Hi Zhiyi
>
> Can you merge the commit in ndn-cxx-0.6.6 compatible repository?
> https://github.com/Zhiyi-Zhang/ndncert
>
> Several of my nodes are using ndn-cxx installed from PPA, and they have to
> rely on this repository.
>

Oh, you mean we should merge the code using the old APIs? I don't know
whether other reviewers would agree.

Best,
Zhiyi


>
> Yours, Junxiao
>
> On Fri, Oct 18, 2019 at 5:10 PM Zhiyi Zhang <zhiyi at cs.ucla.edu> wrote:
>
>> Hi Junxiao,
>>
>> Thank you for the bug report. This will be fixed in commit:
>> https://gerrit.named-data.net/c/ndncert/+/5775
>>
>> Best,
>> Zhiyi
>>
>> On Fri, Oct 18, 2019 at 11:58 AM Junxiao Shi <
>> shijunxiao at email.arizona.edu> wrote:
>>
>>> Hi Zhiyi
>>>
>>> Option 2 of the instructions says:
>>>
>>> A second option is to send CA an Interest with name
>>> /ca/prefix/CA/_PROBE/INFO. To do so, a client can run the NDNCERT client
>>> and type in NONE in the CA selection step and then input the target CA
>>> prefix manually.
>>>
>>>
>>> However, this does not work:
>>> $ ndncert-client
>>> Cannot load the configuration file: /usr/local/etc/ndncert/client.conf:
>>> cannot open file
>>>
>>> After copying client.conf.sample to client.conf, it still doesn't work:
>>> $ ndncert-client
>>> ***************************************
>>> Index: 0
>>> CA prefix:/example
>>> Introduction: An example NDNCERT CA
>>> ***************************************
>>> Step 0: Please type in the CA INDEX that you want to apply or type in
>>> NONE if your expected CA is not in the list
>>> NONE
>>> Step 1: Please type in the CA Name
>>> Got NACK
>>>
>>> The only thing I typed is "NONE". The "Got NACK" message appears before
>>> I'm given a chance to type anything.
>>>
>>> ndn-cxx and NFD version is 0.6.6 installed from PPA.
>>> Client software version is
>>> https://github.com/Zhiyi-Zhang/ndncert/tree/3b9a2501d60e90ec33845e021a500a9820bf9050
>>>
>>> On the other hand, option 1 works, but it requires manual merging of
>>> JSON objects.
>>>
>>> Yours, Junxiao
>>>
>>> On Sat, Sep 7, 2019 at 1:26 PM Zhiyi Zhang <zhiyi at cs.ucla.edu> wrote:
>>>
>>>> Hi Junxiao,
>>>>
>>>> I updated the CA instructions document. The way to create client.conf
>>>> is here:
>>>> https://github.com/named-data/ndncert/wiki/NDNCERT-CA-Instructions#derive-client-configuration-from-ca-configuration
>>>>
>>>>
>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20191105/01d8b465/attachment.html>

More information about the Nfd-dev mailing list