[Nfd-dev] Push the Deployment of NDNCERT
Junxiao Shi
shijunxiao at email.arizona.edu
Mon Nov 18 16:23:55 PST 2019
Hi Yufeng
The repo publishing is not working.
I successfully received certificate
/ndn/edu/ucla/yufeng/13759658182723969047/KEY/n%D7%BA%95%04%931P/NDNCERT/1933834966544541902
but am unable to retrieve it with ndnpeek.
I'm using named-data/ndncert master branch
https://github.com/named-data/ndncert/tree/aae119aeb9b5387f2fd8f80c56ee8cbfe8c15988
Yours, Junxiao
On Fri, Oct 25, 2019 at 11:57 AM Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:
> Hi Yufeng
>
> Any update on the certificate publishing issue?
> As discussed on 20191021 NFD call, we won't be deploying new NFD version
> that supports direct fetch on the testbed anytime soon.
> Thus, it's critical to have CA publishing certificates, otherwise
> NDNCERT would not work.
>
> Yours, Junxiao
>
> On Fri, Oct 18, 2019 at 3:22 PM Junxiao Shi <shijunxiao at email.arizona.edu>
> wrote:
>
>> Hi Yufeng
>>
>> Thanks for restoring the NDNCERT server. I'm able to request a
>> certificate, after operating NDNCERT *very carefully*.
>>
>>
>>
>>> On Tue, Sep 18, 2018 at 22:15 Junxiao Shi <shijunxiao at email.arizona.edu>
>>>> wrote:
>>>>
>>>>>
>>>>> Certificate publishing question: it seems that the certificates issued
>>>>> from your CA is not published into the testbed, as I’m unable to retrieve
>>>>> them by expressing an Interest of the certificate name with CanBePrefix. In
>>>>> ndncert-legacy, the CA publishes every certificate it ever issued, and the
>>>>> Relying Party can just refer to them with a KeyLocator. In new ndncert
>>>>> system, who is expected to publish the certificates, CA or Replying Party
>>>>> (client)?
>>>>>
>>>>
>>> NDNCERT already support the repo-ng, which means the NDNCERT server can
>>> publish all the issued certificates into the repo.
>>> To solve the name issue (e.g., let /ndn/edu/ucla/CA serve
>>> /ndn/edu/ucla/zhiyi/KEY/...), we can have a forwarding hint to forward the
>>> request to the /ndn/edu/ucla and get the certificate from the repo. (repo's
>>> registered prefix is not exposed to the testbed)
>>>
>>>
>> As Zhiyi answered in Oct 2018
>> <https://www.lists.cs.ucla.edu/pipermail/nfd-dev/2018-October/003396.html>,
>> NDNCERT server needs to publish all issued certificate into repo-ng.
>> It seems that this part is not configured correctly in your deployment,
>> as I'm unable to retrieve my certificate with ndnpeek, even if the Interest
>> should be reaching spurs.
>> Can you check the repo-ng publishing part?
>>
>> $ ndnpeek -vP
>> /ndn/edu/ucla/yufeng/5817003603372734985/KEY/%83.%B5%FB%B2%E87%F1/NDNCERT/8268200814391559947
>> INTEREST:
>> /ndn/edu/ucla/yufeng/5817003603372734985/KEY/%83.%B5%FB%B2%E87%F1/NDNCERT/8268200814391559947
>> TIMEOUT
>>
>> Yours, Junxiao
>>
>> On Fri, Oct 18, 2019 at 2:11 PM Yufeng Zhang <yufeng at ucla.edu> wrote:
>>
>>> Ndncert CA is running on spurs server. I used icear to apply a
>>> certificate via email challenge and it is working now.
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20191118/cceb9589/attachment.html>
More information about the Nfd-dev
mailing list