[Nfd-dev] Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today

Zhiyi Zhang zhiyi at cs.ucla.edu
Fri Jan 8 14:26:06 PST 2021 

Oh, forgot to mention: the prefix is /ndn/CA served by suns.cs.ucla.edu (
http://suns.cs.ucla.edu/)

Best,
Zhiyi

On Fri, Jan 8, 2021 at 2:25 PM Zhiyi Zhang <zhiyi at cs.ucla.edu> wrote:

> Hi Junxiao,
>
> Yeah. It has been running and it supports both PIN code challenge and
> email challenge.
>
> I just applied a cert on my laptop (MacOS) from Suns server.
> Since now we support RDR discovery and fetch of CA profile, so we don't
> need to pre-config the client. Instead, in the step 2, type in the CA name
> that you want to contact, and in step 2, check the certificate information
> (the one shown below is a valid cert).
>
> ➜  ~ ndncert-client
> ***************************************
> Step 1: CA SELECTION
> > Index: 0
> >> CA prefix:/example
> >> Introduction: An example NDNCERT CA
> Please type in the CA's index that you want to apply or type in NONE if
> your expected CA is not in the list:
> none
>
> ***************************************
> Step 2: ADD NEW CA
> Please type in the CA's Name:
> /ndn
>
> ***************************************
> Step 2: Will use a new trust anchor, please double check the identity info:
> > New CA name: /ndn
> > This trust anchor information is signed by:
> Name=/ndn/KEY/e%9D%7F%A5%C5%81%10%7D
> > The certificate: > The certificate: Certificate name:
>   /ndn/KEY/e%9D%7F%A5%C5%81%10%7D/ndn/%FD%00%00%01%60qJQ%9B
> Validity:
>   NotBefore: 20171220T001939
>   NotAfter: 20201231T235959
> Additional Description:
>   fullname: NDN Testbed Root
> Public key bits:
>   MIIBSzCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAA
>   AAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA////
>   ///////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSd
>   NgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5
>   RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA
>   //////////+85vqtpxeehPO5ysL8YyVRAgEBA0IABAUIdqatSflni6u9XO2ZSmBA
>   +MjDwkx2RiPtCCLsm4oKVn2Jyfa/yOSgZseGqnTEdbN1rDWvlIgAmxI0MUXVM1g=
> Signature Information:
>   Signature Type: SignatureSha256WithEcdsa
>   Key Locator: Self-Signed Name=/ndn/KEY/e%9D%7F%A5%C5%81%10%7D
>
> Do you trust the information? Type in YES or NO
> yes
> You answered YES: new CA /ndn will be used
>
> ***************************************
> Step 3: Do you know your identity name to be certified by CA /ndn already?
> Type in YES or NO
> no
> You answered NO
>
> ***************************************
> Step 4: Please provide information for name assignment
> Please input: email
> zhangzhiyi1919 at gmail.com
> Got it. This is what you've provided:
> email : zhangzhiyi1919 at gmail.com
>
> ***************************************
> Step 5: You can either select one of the following names suggested by the
> CA:
> > Index: 0
> >> Suggested name: /ndn/zhangzhiyi1919%40gmail.com
> >> Corresponding Max sufiix length: 2
>
> Or choose another trusted CA suggested by the CA:
> Please type in the index of your choice:
> 0
> You selected name: /ndn/zhangzhiyi1919%40gmail.com
> Enter Suffix if you would like one (Enter to skip):
>
> ***************************************
> Step 6: Please type in your expected validity period of your certificate.
> Type the number of hours (168 for week, 730 for month, 8760 for year). The
> CA may reject your application if your expected period is too long.
> 100
> The validity period of your certificate will be: 100 hours
>
> ***************************************
> Step 7: CHALLENGE SELECTION
> > Index: 0
> >> Challenge:email
> > Index: 1
> >> Challenge:pin
> Please type in the challenge index that you want to perform:
> 0
> The challenge has been selected: email
>
> ***************************************
> Step 8: Please provide parameters used for Identity Verification Challenge
> Please input your email address
> zhangzhiyi1919 at gmail.com
> Got it. This is what you've provided:
> email : zhangzhiyi1919 at gmail.com
>
> ***************************************
> Step 8: Please provide parameters used for Identity Verification Challenge
> Please input your verification code
> 537720
> Got it. This is what you've provided:
> code : 537720
> Certificate has already been issued, downloading certificate...
>
> ***************************************
> Step 8: DONE
> Certificate with Name: /ndn/zhangzhiyi1919%
> 40gmail.com/KEY/%9B%93%17L%81%11%7C%AE/NDNCERT/725316137953299380has
> already been installed to your local keychain
> Exit now%
>
>
>
> On Fri, Jan 8, 2021 at 12:41 PM Junxiao Shi <shijunxiao at email.arizona.edu>
> wrote:
>
>> Hi Zhiyi
>>
>> As discussed on the 2020-12-18 NFD call, you are going to deploy one
>> instance of NDNCERT server (using https://github.com/Zhiyi-Zhang/ndncert
>> v0.3 branch) on an end host connected to the testbed for trial usage.
>> Moreover, you agreed to perform the deployment within one week from that
>> call.
>> Have you completed this task?
>>
>> Yours, Junxiao
>>
>> On Fri, Jul 27, 2018 at 2:54 PM Zhiyi Zhang <zhiyi at cs.ucla.edu> wrote:
>>
>>> Hi all,
>>>
>>>
>>> I deployed NDNCERT CA server on UCLA site and the server has been
>>> connected to the NDN testbed.
>>>
>>> Now the NDNCERT CA is available and we encourage you to have a try and
>>> get an NDN certificate (your certificate’s trust anchor is NDN testbed
>>> anchor).
>>>
>>> To get an NDN certificate with NDNCERT, you can simply follow these
>>> steps:
>>>
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20210108/cb5fa8f3/attachment-0001.html>

More information about the Nfd-dev mailing list