[Nfd-dev] Fwd: NDN Testbed Root certificate not published

Junxiao Shi shijunxiao at email.arizona.edu
Sat May 2 08:31:27 PDT 2020 

Dear folks

I wonder whether the testbed root certificate should be published over NDN?
Which node(s) are responsible for publishing this certificate?

Yours, Junxiao

---------- Forwarded message ---------
From: Junxiao Shi <shijunxiao at email.arizona.edu>
Date: Sat, May 2, 2020 at 11:30 AM
Subject: Re: NDN Testbed Root certificate not published
To: <operators at lists.named-data.net> <operators at lists.named-data.net>


Hi NDNOPS

I notice that the "NDN Testbed Root" certificate cannot be retrieved over
NDN.

>From https://named-data.net/ndnsec/ndn-testbed-root-v2.ndncert.txt I can
see:
Certificate name: /ndn/KEY/e%9D%7F%A5%C5%81%10%7D/ndn/%FD%00%00%01%60qJQ%9B

However, I cannot retrieve the certificate over NDN.
To rule out potential connectivity problems, I'm running the commands on
Arizona router.

shijunxiao at hobo:~$ ndnpeek -V
ndnpeek 0.7-1-g7d14815
shijunxiao at hobo:~$ ndnpeek -P
/ndn/KEY/e%9D%7F%A5%C5%81%10%7D/ndn/%FD%00%00%01%60qJQ%9B
shijunxiao at hobo:~$ echo $?
3

The second command sets CanBePrefix flag with -P. There's no response to
this Interest.
ndnpeek exit code is 3. In ndnpeek 0.7, this means InterestLifetime has
timed out.


Although root CA certificate retrieval is not a prerequisite of verifying
packets, I still think the root certificate should be available over NDN.

Yours, Junxiao

On Fri, Jul 8, 2016 at 10:38 AM Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Hi NDNOPS
>
> I notice that the "NDN Testbed Root" certificate cannot be retrieved over
> NDN.
>
> From http://named-data.net/ndnsec/ndn-testbed-root.ndncert.txt I can see:
> Certificate name: /ndn/KEY/ksk-1397537228649/ID-CERT/%00%00%01Ec%B7%24%14
>
> However, I cannot retrieve the certificate over NDN.
> To rule out potential connectivity problems, I'm running the commands on
> Arizona router.
>
> shijunxiao at hobo:~$ ndnpeek -V
> ndnpeek 0.2
> shijunxiao at hobo:~$ ndnpeek -M 1
> /ndn/KEY/ksk-1397537228649/ID-CERT/%00%00%01Ec%B7%24%14
> shijunxiao at hobo:~$ echo $?
> 3
> shijunxiao at hobo:~$ ndnpeek
> /ndn/KEY/ksk-1397537228649/ID-CERT/%00%00%01Ec%B7%24%14 | ndn-dissect
> 6 (Data) (size: 379)
>   7 (Name) (size: 59)
>     8 (NameComponent) (size: 3) [[ndn]]
>     8 (NameComponent) (size: 3) [[KEY]]
>     8 (NameComponent) (size: 17) [[ksk-1397537228649]]
>     8 (NameComponent) (size: 7) [[ID-CERT]]
>     8 (NameComponent) (size: 8) [[%00%00%01Ec%B7%24%14]]
>     8 (NameComponent) (size: 9) [[%FD%00%00%01U%CA%E4%BE%D2]]
>   20 (MetaInfo) (size: 7)
>     25 (FreshnessPeriod) (size: 2) [[%0F%A0]]
>     180 (APP_TAG_1) (size: 1) [[%02]]
>   21 (Content) (size: 0) [[...]]
>   22 (SignatureInfo) (size: 45)
>     27 (SignatureType) (size: 1) [[%01]]
>     28 (KeyLocator) (size: 40)
>       7 (Name) (size: 38)
>         8 (NameComponent) (size: 3) [[ndn]]
>         8 (NameComponent) (size: 3) [[KEY]]
>         8 (NameComponent) (size: 17) [[dsk-1417416866979]]
>         8 (NameComponent) (size: 7) [[ID-CERT]]
>   23 (SignatureValue) (size: 256)
> [[%0A%9A%7F%044.%FC%FE%BD%E37%F8%3F6K%05%E1%CB%A1%C9T%AE%F4%EC%9E%C9%BC%29%E6uI%9B%CA%7F%06%17%2CA%81%A2%F8%CC%CD%8Fu%D5%AD%E5%90%7E%40w%0B%19%B9%D8%F9%9B%5C%BB%22j%1E%20P%C2%BB%7F%8EE%E5%00%B8%E3Q%2F%E8c%27J%99ll%0B%3F%FE%82%F83%84XS%10k%BD%96%85%8F%96%5E%10s%FC%C5%DC%B6ql%98%9C%C8%FC4%F0%F7%FAarQ%20%06%FEz%13%88H%1D%ED%F6O%09%F4%1B%FEo-%3C6%EE%F5%1E%A2G%19%E4%D2%D9%84%C4%95je%13p%BF%E9%26%B8%60%81%D8%EE%EB%25%3B%F2%FF%CA%D1%06%A4%02%EFf%F5aw%B0%E6%DEQoO%A9%26%F0%0F%A0%C7M%E2%A3%DE2%CE%D2%D6%916%28P%A8%A5%E4%BE%07%98%A9%10%F4%AF%12%20%AB%A5%3B%7C%DF%A8%E9%FB%7F%00%00MD%C1%EC%85%17%95-%D3%EAp%A6F%230%97%8B%DB%E8%CB%EA%F5%EF%B9%B1%1Cz%07E%BB%FD%15]]
> shijunxiao at hobo:~$ curl -s
> http://named-data.net/ndnsec/ndn-testbed-root.ndncert | ndn-dissect
> 6 (Data) (size: 725)
>   7 (Name) (size: 48)
>     8 (NameComponent) (size: 3) [[ndn]]
>     8 (NameComponent) (size: 3) [[KEY]]
>     8 (NameComponent) (size: 17) [[ksk-1397537228649]]
>     8 (NameComponent) (size: 7) [[ID-CERT]]
>     8 (NameComponent) (size: 8) [[%00%00%01Ec%B7%24%14]]
>   20 (MetaInfo) (size: 3)
>     24 (ContentType) (size: 1) [[%02]]
>   21 (Content) (size: 359)
> [[0%82%01c0%22%18%0F20140414000000Z%18%0F20181231235959Z0%190%17%06%03U%04%29%13%10NDN%20Testbed%20Root0%82%01%200%0D%06%09%2A%86H%86%F7%0D%01%01%01%05%00%03%82%01%0D%000%82%01%08%02%82%01%01%00%BF%D7%A2r%0D%13%82%81%20.F%DC%06%9B%DE%E2f%CF%D9%DF%FF%89%D3E%AD%BF%B5%60%CF%9F%93h%B6%AB%3F%FA%1E%22%FF%11%7B.%EB%0Al%15%E4%BA%02%D1%8D%87%09%B0%ED%5B%21W%F9%F7%BFv%D5O%0B%A4%27%D0v%16%B1%05g%EB%DB%A38f%C6w%8Bg%15jpo%C59%DEe%05%98j%1B%20%F0%CD%20%03%E8%CC%15%B4%A4%A6%05a2%C0%1FU%1F%94%08%F8%5C%BC%F9%19%FF%DE%15%1E%83%AA%DC%D6%9E%DF%A4Q%5B%AE%29kD%0A%0A%E5%25%B8TU%AC%08Y%0F%DC%E3%F9%02G3%C7%DA%3AS%89L%B9%EC%B3%DB%E3%82%06%F91k%BFu%2F%1C%60G%D8%F6%8F%CE%A1Yim%E0%9B%0A%84%09v%11%9C%D0%D5%A1%12jS%C7%F5%19%1D%25%04%0C%A4U%EB%AE7%11%3Cz%DF%24-O%DFV%22%9E%3EUP%40%A3%18u%0F%3F%22%E1%E3%C1%8E%00l%0C%94%D6%EE%9D%F1%C6%B7%8E%C5%E5%BF%9D%D2%0A6%953%BF%F5%02%01%11]]
>   22 (SignatureInfo) (size: 45)
>     27 (SignatureType) (size: 1) [[%01]]
>     28 (KeyLocator) (size: 40)
>       7 (Name) (size: 38)
>         8 (NameComponent) (size: 3) [[ndn]]
>         8 (NameComponent) (size: 3) [[KEY]]
>         8 (NameComponent) (size: 17) [[ksk-1397537228649]]
>         8 (NameComponent) (size: 7) [[ID-CERT]]
>   23 (SignatureValue) (size: 256)
> [[%21%C8%F5%23H%ED%E5%0A%DDW%0Dd%80%B18%B0%EC%CE9%E1%09rP%85%D6%BD.V%A8%85%C6%13%DC%C9%80%831%B7C%8By%CE%A8%EA%B89-%9C%87%FA%18z1%2A%0A%F4%8BT%BD%00%D5%03%F1W%C9%07S%7C%A6%40%B2%11%A1%C7%B7%A3%12b%B0S%9C%82%B7s%D7%7E%9A%DF%C1%06p%B8%89%A3%90Z6B%98+%C0%DF%DCN%85%C6%92%21%0EC%FE%EB%E6%A5%C2H%01%1A%82b%16%88%B9%DCy%F8%B1%7D%3A%29+%B9%86%5B%E0%03B%BC%AF%0A%1BSz%25%DA%C1k%AA%D3%13%C2%E3%9C%26%C39%28%13%216pk%84n%07rB%81%D3%07H%BF%EF%99%C9Vd%0Es%A8%89n%00%1F%C6%B7K%20.w%92%B2%9E%E5%04W%F0%7DF%0D%FEH%ACB%E6%C0.%E4%29%AD%1BoN%91%27%E8K%2Ca%0Ako%3A%20%E1%DE%00%90%05%B1%0B%B7%C2z%13%85%60E%BD%40%DE%82%DE5%CC%5Etk%0C%E0%A2%C1%CB%AD%94C]]
>
> The second command sets MaxSuffixComponents to 1 with -M 1. This allows
> the implicit digest. There's no response to this Interest.
> ndnpeek exit code is 3. In ndnpeek 0.2, this means InterestLifetime has
> timed out.
>
> The fourth command expresses the Interest without Selectors. There is a
> response Data to this Interest, but it is not a valid certificate because
> it lacks MetaInfo/ContentType field.
>
> The fifth command shows the certificate retrieved over HTTP, as a
> comparison.
>
>
>
> Although root CA certificate retrieval is not a prerequisite of verifying
> packets, I still think the root certificate should be available over NDN.
>
> Yours, Junxiao
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20200502/6c82f359/attachment-0001.html>

More information about the Nfd-dev mailing list