[Nfd-dev] Update on NDNCERT protocol

Junxiao Shi shijunxiao at email.arizona.edu
Thu Apr 30 04:14:35 PDT 2020


Hi Zhiyi

It's been 8 days. When do you expect to finish the challenges spec?

Yours, Junxiao

On Tue, Apr 21, 2020, 10:42 Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Hi Zhiyi
>
> Main protocol revision 8921b91 has one typo: SignatureNounce.
> I don't see any other problems.
>
> I started to review the challenges spec.
> https://github.com/named-data/ndncert/wiki/NDNCERT-Protocol-0.3-Challenges
> For revision d9fc127, I found the following problems.
>
> *Notations*
> IN and DN would be easier to read if you write as I*n* and D*n*.
> Do not use fixed width font, because these are not strings or TLV-TYPE
> numbers.
> The letter *n* is italic showing that it is a variable. In later sections
> when it's replaced by a number, use regular font.
>
> CSPRG should be written as CSPRG.
> Do not use fixed width font, because this is not a string or TLV-TYPE number.
>
> *All challenges*
> The main protocol specifies: the CA will keep the state for the time as
> defined in remaining-time field defined by the challenge selected.
> Thus, each challenge needs to define its time limit.
>
> The main protocol specifies that selected-challenge element is required in
> all CHALLENGE Interests.
> Thus, every I2 should contain the selected-challenge element.
>
> What happens if the first CHALLENGE Interest selects one challenge, and
> the second CHALLENGE Interest selects a different challenge?
> Which error code?
>
> *Email Challenge*
> Typo in D1: applicatoin.
>
> It's necessary to specify what elements should appear in the email. I
> think you'll need at least: ca-prefix, request-id, and S.
> Without ca-prefix, one CA could cause the requester to reveal S generated
> by another CA.
> Without request-id, malicious requesters could send the CA other requests
> that deliver similar emails to the legitimate requester, and the legitimate
> requester would have trouble identifying which S corresponds to the current
> request.
>
> *Proof of Credential Challenge*
> In the section title, "of" should not be capitalized. See
> https://www.bkacontent.com/how-to-correctly-use-apa-style-title-case/
>
> Is the ordering between the two key-value pairs significant?
> If reordering is an error, which error code?
>
> Why does this challenge permit multiple tries? For PIN and email
> challenges, there's a possibility of user typing error, so that permitting
> multiple tries makes sense. It doesn't make sense here.
>
> *Proof of Private Key Challenge*
> In the section title, "of" should not be capitalized. See
> https://www.bkacontent.com/how-to-correctly-use-apa-style-title-case/
>
> Why does this challenge permit multiple tries? For PIN and email
> challenges, there's a possibility of user typing error, so that permitting
> multiple tries makes sense. It doesn't make sense here.
>
>
> Yours, Junxiao
>
>
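
The binding requested for the email challenge in the quoted review, sketched from the requester's side as an added example (not part of the original message or of the NDNCERT code base). The "key: value" email layout, the `Pending` record, the function names and all sample values are assumptions constructed for illustration.

```python
# Added illustration: the e-mail layout and every name below are assumptions,
# not taken from the NDNCERT specification or implementation.
from typing import NamedTuple, Optional

class Pending(NamedTuple):
    ca_prefix: str    # CA the requester is currently talking to
    request_id: str   # request-id of that exchange

def parse_challenge_email(body: str) -> dict:
    """Parse hypothetical 'key: value' lines from a challenge e-mail body."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def secret_for(pending: Pending, body: str) -> Optional[str]:
    """Return S only if the e-mail is bound to this exact CA and request."""
    f = parse_challenge_email(body)
    if not all(k in f for k in ("ca-prefix", "request-id", "s")):
        return None  # unbound e-mail: cannot tell which CA or request S belongs to
    if f["ca-prefix"] != pending.ca_prefix:
        return None  # S was generated by another CA; do not reveal it to this one
    if f["request-id"] != pending.request_id:
        return None  # S belongs to a different request, possibly not the user's own
    return f["s"]

# Constructed sample data: one pending request and four e-mails in the inbox.
MINE = Pending("/example/site-a/CA", "a1b2c3")
EMAILS = [
    "ca-prefix: /example/site-b/CA\nrequest-id: ffee01\nS: 111111",  # other CA
    "ca-prefix: /example/site-a/CA\nrequest-id: 999999\nS: 222222",  # other request
    "S: 333333",                                                     # no binding
    "ca-prefix: /example/site-a/CA\nrequest-id: a1b2c3\nS: 444444",  # matches
]

def accepted_secrets() -> list:
    """Secrets the requester would submit in a CHALLENGE Interest to MINE."""
    results = (secret_for(MINE, body) for body in EMAILS)
    return [s for s in results if s is not None]

if __name__ == "__main__":
    print(accepted_secrets())
```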