[Nfd-dev] Push the Deployment of NDNCERT

Junxiao Shi shijunxiao at email.arizona.edu
Fri Oct 18 12:22:05 PDT 2019 

Hi Yufeng

Thanks for restoring the NDNCERT server. I'm able to request a certificate,
after operating NDNCERT *very carefully*.



> On Tue, Sep 18, 2018 at 22:15 Junxiao Shi <shijunxiao at email.arizona.edu>
>> wrote:
>>
>>>
>>> Certificate publishing question: it seems that the certificates issued
>>> from your CA is not published into the testbed, as I’m unable to retrieve
>>> them by expressing an Interest of the certificate name with CanBePrefix. In
>>> ndncert-legacy, the CA publishes every certificate it ever issued, and the
>>> Relying Party can just refer to them with a KeyLocator. In new ndncert
>>> system, who is expected to publish the certificates, CA or Replying Party
>>> (client)?
>>>
>>
> NDNCERT already support the repo-ng, which means the NDNCERT server can
> publish all the issued certificates into the repo.
> To solve the name issue (e.g., let /ndn/edu/ucla/CA serve
> /ndn/edu/ucla/zhiyi/KEY/...), we can have a forwarding hint to forward the
> request to the /ndn/edu/ucla and get the certificate from the repo. (repo's
> registered prefix is not exposed to the testbed)
>
>
As Zhiyi answered in Oct 2018
<https://www.lists.cs.ucla.edu/pipermail/nfd-dev/2018-October/003396.html>,
NDNCERT server needs to publish all issued certificate into repo-ng.
It seems that this part is not configured correctly in your deployment, as
I'm unable to retrieve my certificate with ndnpeek, even if the Interest
should be reaching spurs.
Can you check the repo-ng publishing part?

$ ndnpeek -vP
/ndn/edu/ucla/yufeng/5817003603372734985/KEY/%83.%B5%FB%B2%E87%F1/NDNCERT/8268200814391559947
INTEREST:
/ndn/edu/ucla/yufeng/5817003603372734985/KEY/%83.%B5%FB%B2%E87%F1/NDNCERT/8268200814391559947
TIMEOUT

Yours, Junxiao

On Fri, Oct 18, 2019 at 2:11 PM Yufeng Zhang <yufeng at ucla.edu> wrote:

> Ndncert CA is running on spurs server. I used icear to apply a certificate
> via email challenge and it is working now.
>
> On Oct 17, 2019, at 2:19 PM, Zhiyi Zhang <Zhiyi.Zhang at ucla.edu> wrote:
>
> I've worked out a version of NDNCERT that works with the 0.66 ndn-cxx/NFD
> while keeping all the new changes in NDNCERT:
> https://github.com/Zhiyi-Zhang/ndncert
> @Yufeng You can use this version to deploy
>
> @Alex So Tianyuan is our new server admin, maybe you can share all the
> passwords to our servers to him? so that he can grant Yufeng an account to
> deploy NDNCERT on spurs as a user process.
>
> Best,
> Zhiyi
>
> On Wed, Oct 16, 2019 at 10:48 PM Lixia Zhang <lixia at cs.ucla.edu> wrote:
>
>> I can see the attraction of rolling back.
>>
>> On the other hand, given NDNCERT already works with the latest NDN-cxx, I
>> wonder whether we should roll back, in particular given Alex may be working
>> on fixing the work left by Vlad (as you saw on nfd-dev list).
>>
>>
>> On Oct 16, 2019, at 8:12 PM, TIANYUAN YU <royu29 at g.ucla.edu> wrote:
>>
>> I vote for the roll back ndncert if there’s no significant difference.
>> NFD/ndn-cxx 0.6.6 is a stable version and widely used release.
>>
>> Best,
>> Tianyuan
>>
>> Yes. The latest version of NDNCERT works with the latest version of
>> NDN-CXX, but is no longer compatible with release version 0.66.
>> So either we update NFD/NDN-CXX, or roll back NDNCERT to a older version.
>>
>> Best,
>> Zhiyi
>>
>> On Wed, Oct 16, 2019 at 8:06 PM Xinyu Ma <bitmxy at gmail.com> wrote:
>>
>>> Hello,
>>>
>>> The monitor is fixed. I don’t know how, though.
>>>
>>> Best wishes,
>>> Xinyu Ma
>>>
>>> On Oct 16, 2019, at 7:45 PM, Yufeng Zhang <yufeng at ucla.edu> wrote:
>>>
>>> I just tested on a computer that has working NFD and ndn-cxx. I got a
>>> compilation error which prevents me from testing it remotely from a PC. I
>>> suspect it is due to ndn-cxx library incompatibility.
>>> <Screen Shot 2019-10-16 at 7.38.45 PM.png>
>>>
>>> On Oct 16, 2019, at 6:55 PM, Lixia Zhang <lixia at cs.ucla.edu> wrote:
>>>
>>> I removed external people and added Xinyu (who knows this server in
>>> question) and Tianyuan (our new sys adm).
>>>
>>> indeed the problem has been dragged on for long.
>>> Hope we get it fixed this time.
>>> If needed we could by a cheap PC for NDNCERT.
>>>
>>> On Oct 16, 2019, at 6:44 PM, Zhiyi Zhang <Zhiyi.Zhang at ucla.edu> wrote:
>>>
>>> Today's NFD call asked about the NDNCERT server status.
>>> People complain about NDNCERT deployment because the CA server always
>>> went down after it was deployed and we still don't have a stable CA
>>> deployed after months.
>>>
>>> @Yufeng do you know the reason why CA goes down every time after it got
>>> deployed? Is this because other people are also using the ICE-AR server and
>>> cause some problems?
>>>
>>> @Alex also mentioned we can use some of the old servers at UCLA. Could
>>> you suggest a server that can be used for NDNCERT deployment?
>>>
>>> Best,
>>> Zhiyi
>>>
>>>
>>>
>>>
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20191018/243d1ff2/attachment.html>

More information about the Nfd-dev mailing list