[Nfd-dev] Update on NDNCERT protocol
Zhiyi Zhang
zhiyi at cs.ucla.edu
Thu Apr 30 10:20:27 PDT 2020
I plan to finish the ICN paper (only two weeks before the deadline) first
and then come back to work on the spec.
Best,
Zhiyi
On Thu, Apr 30, 2020 at 4:14 AM Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:
> Hi Zhiyi
>
> It's been 8 days. When do you expect to finish the challenges spec?
>
> Yours, Junxiao
>
> On Tue, Apr 21, 2020, 10:42 Junxiao Shi <shijunxiao at email.arizona.edu>
> wrote:
>
>> Hi Zhiyi
>>
>> Main protocol revision 8921b91 has one typo: SignatureNounce.
>> I don't see any other problems.
>>
>> I started to review the challenges spec.
>> https://github.com/named-data/ndncert/wiki/NDNCERT-Protocol-0.3-Challenges
>> For revision d9fc127, I found the following problems.
>>
>> *Notations*
>> IN and DN would be easier to read if you write as I*n* and D*n*.
>> Do not use fixed width font, because these are not strings or TLV-TYPE
>> numbers.
>> The letter *n* is italic showing that it is a variable. In later
>> sections when it's replaced by a number, use regular font.
>>
>> CSPRG should be written as CSPRG.
>> Do not use fixed width font, because this is not string or TLV-TYPE
>> number.
>>
>> *All challenges*
>> The main protocol specifies: the CA will keep the state for the time as
>> defined in remaining-time field defined by the challenge selected.
>> Thus, each challenge needs to define its time limit.
>>
>> The main protocol specifies that selected-challenge element is required
>> in all CHALLENGE Interests.
>> Thus, every I2 should contain the selected-challenge element.
>>
>> What happens if the first CHALLENGE Interest selects one challenge, and
>> the second CHALLENGE Interest selects a different challenge?
>> Which error code?
>>
>> *Email Challenge*
>> Typo in D1: applicatoin.
>>
>> It's necessary to specify what elements should appear in the email. I
>> think you'll need at least: ca-prefix, request-id, and S.
>> Without ca-prefix, one CA could cause the requester to reveal S generated
>> by another CA.
>> Without request-id, malicious requesters could send the CA other requests
>> that deliver similar emails to the legitimate requester, and the legitimate
>> requester would have trouble identifying which S corresponds to the current
>> request.
>>
>> *Proof of Credential Challenge*
>> In the section title, "of" should not be capitalized. See
>> https://www.bkacontent.com/how-to-correctly-use-apa-style-title-case/
>>
>> Is the ordering between the two key-value pairs significant?
>> If reordering is an error, which error code?
>>
>> Why does this challenge permit multiple tries? For PIN and email
>> challenges, there's possibility of user typing error, so that permitting
>> multiple tries makes sense. It doesn't make sense here.
>>
>> * Proof of Private Key Challenge *
>> In the section title, "of" should not be capitalized. See
>> https://www.bkacontent.com/how-to-correctly-use-apa-style-title-case/
>>
>> Why does this challenge permit multiple tries? For PIN and email
>> challenges, there's possibility of user typing error, so that permitting
>> multiple tries makes sense. It doesn't make sense here.
>>
>>
>> Yours, Junxiao
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20200430/e2f1c1c9/attachment.html>
More information about the Nfd-dev
mailing list