[Nfd-dev] Update on NDNCERT protocol

Junxiao Shi shijunxiao at email.arizona.edu
Tue Apr 21 07:42:32 PDT 2020


Hi Zhiyi

Main protocol revision 8921b91 has one typo: SignatureNounce.
I don't see any other problems.

I started to review the challenges spec.
https://github.com/named-data/ndncert/wiki/NDNCERT-Protocol-0.3-Challenges
For revision d9fc127, I found the following problems.

*Notations*
IN and DN would be easier to read if you write them as I*n* and D*n*.
Do not use fixed width font, because these are not strings or TLV-TYPE
numbers.
The letter *n* is italic showing that it is a variable. In later sections
when it's replaced by a number, use regular font.

CSPRG should be written as CSPRG.
Do not use fixed width font, because this is not a string or TLV-TYPE number.

*All challenges*
The main protocol specifies: the CA will keep the state for the time as
defined in remaining-time field defined by the challenge selected.
Thus, each challenge needs to define its time limit.

The main protocol specifies that selected-challenge element is required in
all CHALLENGE Interests.
Thus, every I2 should contain the selected-challenge element.

What happens if the first CHALLENGE Interest selects one challenge, and the
second CHALLENGE Interest selects a different challenge?
Which error code?

*Email Challenge*
Typo in D1: applicatoin.

It's necessary to specify what elements should appear in the email. I think
you'll need at least: ca-prefix, request-id, and S.
Without ca-prefix, one CA could cause the requester to reveal S generated
by another CA.
Without request-id, malicious requesters could send the CA other requests
that deliver similar emails to the legitimate requester, and the legitimate
requester would have trouble identifying which S corresponds to the current
request.

*Proof of Credential Challenge*
In the section title, "of" should not be capitalized. See
https://www.bkacontent.com/how-to-correctly-use-apa-style-title-case/

Is the ordering between the two key-value pairs significant?
If reordering is an error, which error code?

Why does this challenge permit multiple tries? For PIN and email
challenges, there's a possibility of user typing error, so permitting
multiple tries makes sense. It doesn't make sense here.

*Proof of Private Key Challenge*
In the section title, "of" should not be capitalized. See
https://www.bkacontent.com/how-to-correctly-use-apa-style-title-case/

Why does this challenge permit multiple tries? For PIN and email
challenges, there's a possibility of user typing error, so permitting
multiple tries makes sense. It doesn't make sense here.


Yours, Junxiao
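
Added example, not part of the original message and not NDNCERT project code: a sketch of the email binding discussed under "Email Challenge", where the requester releases S only when the email names both the CA and the request in progress. The `key: value` body layout, the `secret` label, the function names and all sample values are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical body layout: one "key: value" line per field.
FIELD_RE = re.compile(r"^(ca-prefix|request-id|secret):[ \t]*(\S+)[ \t]*$", re.M)

@dataclass(frozen=True)
class ChallengeEmail:
    ca_prefix: str
    request_id: str
    secret: str

def compose_email(ca_prefix, request_id, secret):
    """CA side: include all three binding fields in the message body."""
    return f"ca-prefix: {ca_prefix}\nrequest-id: {request_id}\nsecret: {secret}\n"

def parse_email(body):
    """Return a ChallengeEmail, or None if a field is missing or repeated."""
    found = FIELD_RE.findall(body)
    fields = dict(found)
    if len(found) != 3 or len(fields) != 3:
        return None
    return ChallengeEmail(fields["ca-prefix"], fields["request-id"], fields["secret"])

def select_secret(inbox, ca_prefix, request_id):
    """Requester side: pick S only for the CA and request currently in progress."""
    matches = [m for m in map(parse_email, inbox)
               if m and m.ca_prefix == ca_prefix and m.request_id == request_id]
    # No match: nothing to submit. Several matches: ambiguous, refuse to guess.
    return matches[0].secret if len(matches) == 1 else None

# Constructed sample inbox.
INBOX = [
    compose_email("/example/ca-a", "a1b2c3d4", "483920"),  # current request
    compose_email("/example/ca-a", "ffee0011", "771203"),  # request sent by someone else
    compose_email("/example/ca-b", "99887766", "905511"),  # S generated by another CA
    "request-id: a1b2c3d4\nsecret: 000000\n",              # no ca-prefix: rejected
]

if __name__ == "__main__":
    print(select_secret(INBOX, "/example/ca-a", "a1b2c3d4"))
```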