[Nfd-dev] NDNCert
Zhiyi Zhang
zhiyi at cs.ucla.edu
Thu Feb 13 11:51:37 PST 2020
Hi John,
Thank you for your attention.
On Thu, Feb 13, 2020 at 7:47 AM Dehart, John <jdd at wustl.edu> wrote:
> Zhiyi,
>
> Something that would be helpful for me to understand the NDNCert protocol
> and how it will operate is if we could have a detailed walkthrough of an
> example of how it would work on the NDN Testbed.
>
> I envision it would be something like this but I am probably missing
> parts or have some things wrong:
>
> 1. Create root self-signed cert on UCLA node.
> 2. Run Root NDN Testbed CA on UCLA node using root self signed cert
> 3. On each NDN Testbed node:
> a. Create node prefix based ndnsec key pair
>
This step will automatically be done by NDNCERT.
> b. Request cert from Root NDN Testbed CA at UCLA
> c. Run node prefix based CA for this node's namespace
> 4. Users wanting a cert within an NDN Testbed node's namespace request it
> from that node's CA
>
There is no problem here.
Something to add:
In your example, the UCLA node is the root node (root node CA can be hosted
by any testbed node). Then I think UCLA will own two CA instances. One is
the root CA, i.e., /ndn/CA, and the other is UCLA's CA, i.e.,
/ndn/edu/ucla/CA
> Given that kind of scenario, what would be the protocol messages,
> challenges, email exchanges, etc. that would be required.
>
My suggestion is to use PIN code for site CAs to get certificates from the
root CA, which means root CA only accepts PIN code challenge.
Regarding normal CA, I think using email and PIN code challenges is
sufficient.
>
> This may not fit into today's conf call but it would be something to have
> before we are ready to deploy on the NDN Testbed.
>
You are absolutely right.
I think the ndn-dev call needs to cover the following topics:
1. CA names
2. repo deployment
3. mapping from an email address to an NDN name
4. what challenges to use for different types of CAs (root CA, site CA)
Best,
Zhiyi
> John
>
>