[Nfd-dev] Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today

Zhiyi Zhang zhiyi at cs.ucla.edu
Fri Jan 8 14:25:04 PST 2021


Hi Junxiao,

Yeah. It has been running and it supports both PIN code challenge and email
challenge.

I just applied for a cert on my laptop (macOS) from Suns server.
Since we now support RDR discovery and fetch of the CA profile, we don't
need to pre-config the client. Instead, in step 2, type in the CA name
that you want to contact, and in step 2, check the certificate information
(the one shown below is a valid cert).

➜  ~ ndncert-client
***************************************
Step 1: CA SELECTION
> Index: 0
>> CA prefix:/example
>> Introduction: An example NDNCERT CA
Please type in the CA's index that you want to apply or type in NONE if
your expected CA is not in the list:
none

***************************************
Step 2: ADD NEW CA
Please type in the CA's Name:
/ndn

***************************************
Step 2: Will use a new trust anchor, please double check the identity info:
> New CA name: /ndn
> This trust anchor information is signed by:
Name=/ndn/KEY/e%9D%7F%A5%C5%81%10%7D
> The certificate: > The certificate: Certificate name:
  /ndn/KEY/e%9D%7F%A5%C5%81%10%7D/ndn/%FD%00%00%01%60qJQ%9B
Validity:
  NotBefore: 20171220T001939
  NotAfter: 20201231T235959
Additional Description:
  fullname: NDN Testbed Root
Public key bits:
  MIIBSzCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAA
  AAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA////
  ///////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSd
  NgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5
  RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA
  //////////+85vqtpxeehPO5ysL8YyVRAgEBA0IABAUIdqatSflni6u9XO2ZSmBA
  +MjDwkx2RiPtCCLsm4oKVn2Jyfa/yOSgZseGqnTEdbN1rDWvlIgAmxI0MUXVM1g=
Signature Information:
  Signature Type: SignatureSha256WithEcdsa
  Key Locator: Self-Signed Name=/ndn/KEY/e%9D%7F%A5%C5%81%10%7D

Do you trust the information? Type in YES or NO
yes
You answered YES: new CA /ndn will be used

***************************************
Step 3: Do you know your identity name to be certified by CA /ndn already?
Type in YES or NO
no
You answered NO

***************************************
Step 4: Please provide information for name assignment
Please input: email
zhangzhiyi1919 at gmail.com
Got it. This is what you've provided:
email : zhangzhiyi1919 at gmail.com

***************************************
Step 5: You can either select one of the following names suggested by the
CA:
> Index: 0
>> Suggested name: /ndn/zhangzhiyi1919%40gmail.com
>> Corresponding Max sufiix length: 2

Or choose another trusted CA suggested by the CA:
Please type in the index of your choice:
0
You selected name: /ndn/zhangzhiyi1919%40gmail.com
Enter Suffix if you would like one (Enter to skip):

***************************************
Step 6: Please type in your expected validity period of your certificate.
Type the number of hours (168 for week, 730 for month, 8760 for year). The
CA may reject your application if your expected period is too long.
100
The validity period of your certificate will be: 100 hours

***************************************
Step 7: CHALLENGE SELECTION
> Index: 0
>> Challenge:email
> Index: 1
>> Challenge:pin
Please type in the challenge index that you want to perform:
0
The challenge has been selected: email

***************************************
Step 8: Please provide parameters used for Identity Verification Challenge
Please input your email address
zhangzhiyi1919 at gmail.com
Got it. This is what you've provided:
email : zhangzhiyi1919 at gmail.com

***************************************
Step 8: Please provide parameters used for Identity Verification Challenge
Please input your verification code
537720
Got it. This is what you've provided:
code : 537720
Certificate has already been issued, downloading certificate...

***************************************
Step 8: DONE
Certificate with Name: /ndn/zhangzhiyi1919%40gmail.com/KEY/%9B%93%17L%81%11%7C%AE/NDNCERT/725316137953299380has already been installed to your local keychain
Exit now%



On Fri, Jan 8, 2021 at 12:41 PM Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Hi Zhiyi
>
> As discussed on the 2020-12-18 NFD call, you are going to deploy one
> instance of NDNCERT server (using https://github.com/Zhiyi-Zhang/ndncert
> v0.3 branch) on an end host connected to the testbed for trial usage.
> Moreover, you agreed to perform the deployment within one week from that
> call.
> Have you completed this task?
>
> Yours, Junxiao
>
> On Fri, Jul 27, 2018 at 2:54 PM Zhiyi Zhang <zhiyi at cs.ucla.edu> wrote:
>
>> Hi all,
>>
>>
>> I deployed NDNCERT CA server on UCLA site and the server has been
>> connected to the NDN testbed.
>>
>> Now the NDNCERT CA is available and we encourage you to have a try and
>> get an NDN certificate (your certificate’s trust anchor is NDN testbed
>> anchor).
>>
>> To get an NDN certificate with NDNCERT, you can simply follow these steps:
>>
>>
>>
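
An added example, not part of the original message or of the ndncert code: one way to script the "double check the identity info" step by testing the names and validity fields that the client prints before the YES/NO prompt. The function names are hypothetical, the timestamps are assumed to be UTC, and the signature and key bits are not verified here.

```python
import re
from datetime import datetime, timezone

# Fields copied from the trust-anchor prompt above; public key bits omitted
# because this check does not use them.
PROMPT = """\
> New CA name: /ndn
> This trust anchor information is signed by:
Name=/ndn/KEY/e%9D%7F%A5%C5%81%10%7D
> The certificate: > The certificate: Certificate name:
  /ndn/KEY/e%9D%7F%A5%C5%81%10%7D/ndn/%FD%00%00%01%60qJQ%9B
  NotBefore: 20171220T001939
  NotAfter: 20201231T235959
  Key Locator: Self-Signed Name=/ndn/KEY/e%9D%7F%A5%C5%81%10%7D
"""

def comps(name):
    return [c for c in name.split("/") if c]

def is_prefix(prefix, name):
    p = comps(prefix)  # component-wise, so /ndn is not a prefix of /ndnx
    return comps(name)[:len(p)] == p

def grab(pattern, text):
    m = re.search(pattern, text)
    if not m:
        raise ValueError(f"field not found: {pattern}")
    return m.group(1)

def when(label, text):
    # Assumption: validity timestamps are UTC.
    stamp = grab(label + r":\s*(\d{8}T\d{6})", text)
    return datetime.strptime(stamp, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)

def review_anchor(text, typed_ca, now):
    """Return the list of reasons to answer NO; empty means nothing was flagged."""
    ca = grab(r"New CA name:\s*(\S+)", text)
    signer = grab(r"signed by:\s*Name=(\S+)", text)
    cert = grab(r"Certificate name:\s*(\S+)", text)
    locator = grab(r"Key Locator:.*?Name=(\S+)", text)
    problems = []
    if comps(ca) != comps(typed_ca):
        problems.append("CA name differs from the one typed")
    if not is_prefix(ca, cert):
        problems.append("certificate is not under the CA prefix")
    if comps(locator) != comps(signer) or not is_prefix(locator, cert):
        problems.append("key locator, signer and certificate key disagree")
    if not when("NotBefore", text) <= now <= when("NotAfter", text):
        problems.append("outside validity period")
    return problems
```

Pass the current time as `now`; an empty list only means these textual checks passed, and the key itself still has to be compared against a copy obtained out of band.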