[Nfd-dev] Push the Deployment of NDNCERT

Davide Pesavento davidepesa at gmail.com
Fri Oct 25 09:09:47 PDT 2019 

Junxiao,

I tried a couple of days ago and certificate retrieval was working. So
I assume the publishing aspect has been fixed.

Davide

On Fri, Oct 25, 2019 at 11:58 AM Junxiao Shi
<shijunxiao at email.arizona.edu> wrote:
>
> Hi Yufeng
>
> Any update on the certificate publishing issue?
> As discussed on 20191021 NFD call, we won't be deploying new NFD version that supports direct fetch on the testbed anytime soon.
> Thus, it's critical to have CA publishing certificates, otherwise NDNCERT would not work.
>
> Yours, Junxiao
>
> On Fri, Oct 18, 2019 at 3:22 PM Junxiao Shi <shijunxiao at email.arizona.edu> wrote:
>>
>> Hi Yufeng
>>
>> Thanks for restoring the NDNCERT server. I'm able to request a certificate, after operating NDNCERT very carefully.
>>
>>
>>>>
>>>> On Tue, Sep 18, 2018 at 22:15 Junxiao Shi <shijunxiao at email.arizona.edu> wrote:
>>>>>
>>>>>
>>>>> Certificate publishing question: it seems that the certificates issued from your CA is not published into the testbed, as I’m unable to retrieve them by expressing an Interest of the certificate name with CanBePrefix. In ndncert-legacy, the CA publishes every certificate it ever issued, and the Relying Party can just refer to them with a KeyLocator. In new ndncert system, who is expected to publish the certificates, CA or Replying Party (client)?
>>>
>>>
>>> NDNCERT already support the repo-ng, which means the NDNCERT server can publish all the issued certificates into the repo.
>>> To solve the name issue (e.g., let /ndn/edu/ucla/CA serve /ndn/edu/ucla/zhiyi/KEY/...), we can have a forwarding hint to forward the request to the /ndn/edu/ucla and get the certificate from the repo. (repo's registered prefix is not exposed to the testbed)
>>>
>>
>> As Zhiyi answered in Oct 2018, NDNCERT server needs to publish all issued certificate into repo-ng.
>> It seems that this part is not configured correctly in your deployment, as I'm unable to retrieve my certificate with ndnpeek, even if the Interest should be reaching spurs.
>> Can you check the repo-ng publishing part?
>>
>> $ ndnpeek -vP /ndn/edu/ucla/yufeng/5817003603372734985/KEY/%83.%B5%FB%B2%E87%F1/NDNCERT/8268200814391559947
>> INTEREST: /ndn/edu/ucla/yufeng/5817003603372734985/KEY/%83.%B5%FB%B2%E87%F1/NDNCERT/8268200814391559947
>> TIMEOUT
>>
>> Yours, Junxiao
>>
>> On Fri, Oct 18, 2019 at 2:11 PM Yufeng Zhang <yufeng at ucla.edu> wrote:
>>>
>>> Ndncert CA is running on spurs server. I used icear to apply a certificate via email challenge and it is working now.
>>>
> _______________________________________________
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev

More information about the Nfd-dev mailing list