[Nfd-dev] Push the Deployment of NDNCERT

Junxiao Shi shijunxiao at email.arizona.edu
Fri Oct 25 08:57:40 PDT 2019 

Hi Yufeng

Any update on the certificate publishing issue?
As discussed on 20191021 NFD call, we won't be deploying new NFD version
that supports direct fetch on the testbed anytime soon.
Thus, it's critical to have CA publishing certificates, otherwise
NDNCERT would not work.

Yours, Junxiao

On Fri, Oct 18, 2019 at 3:22 PM Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Hi Yufeng
>
> Thanks for restoring the NDNCERT server. I'm able to request a
> certificate, after operating NDNCERT *very carefully*.
>
>
>
>> On Tue, Sep 18, 2018 at 22:15 Junxiao Shi <shijunxiao at email.arizona.edu>
>>> wrote:
>>>
>>>>
>>>> Certificate publishing question: it seems that the certificates issued
>>>> from your CA is not published into the testbed, as I’m unable to retrieve
>>>> them by expressing an Interest of the certificate name with CanBePrefix. In
>>>> ndncert-legacy, the CA publishes every certificate it ever issued, and the
>>>> Relying Party can just refer to them with a KeyLocator. In new ndncert
>>>> system, who is expected to publish the certificates, CA or Replying Party
>>>> (client)?
>>>>
>>>
>> NDNCERT already support the repo-ng, which means the NDNCERT server can
>> publish all the issued certificates into the repo.
>> To solve the name issue (e.g., let /ndn/edu/ucla/CA serve
>> /ndn/edu/ucla/zhiyi/KEY/...), we can have a forwarding hint to forward the
>> request to the /ndn/edu/ucla and get the certificate from the repo. (repo's
>> registered prefix is not exposed to the testbed)
>>
>>
> As Zhiyi answered in Oct 2018
> <https://www.lists.cs.ucla.edu/pipermail/nfd-dev/2018-October/003396.html>,
> NDNCERT server needs to publish all issued certificate into repo-ng.
> It seems that this part is not configured correctly in your deployment, as
> I'm unable to retrieve my certificate with ndnpeek, even if the Interest
> should be reaching spurs.
> Can you check the repo-ng publishing part?
>
> $ ndnpeek -vP
> /ndn/edu/ucla/yufeng/5817003603372734985/KEY/%83.%B5%FB%B2%E87%F1/NDNCERT/8268200814391559947
> INTEREST:
> /ndn/edu/ucla/yufeng/5817003603372734985/KEY/%83.%B5%FB%B2%E87%F1/NDNCERT/8268200814391559947
> TIMEOUT
>
> Yours, Junxiao
>
> On Fri, Oct 18, 2019 at 2:11 PM Yufeng Zhang <yufeng at ucla.edu> wrote:
>
>> Ndncert CA is running on spurs server. I used icear to apply a
>> certificate via email challenge and it is working now.
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20191025/09b2f94f/attachment.html>

More information about the Nfd-dev mailing list