[Nfd-dev] [EXT]Re: Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today

Junxiao Shi shijunxiao at email.arizona.edu
Sat Jan 9 23:06:40 PST 2021 

Hi Zhiyi


>> Wrong naming convention
>> The protocol requires the version and segment component to use 2019
>> naming convention: the terminology section links to TR-0022 rev2.
>> However, the RDR server is returning a version number in 2014 naming
>> convention.
>> $ ndnpeek -Pf /ndn/CA/INFO/32=metadata | ndn-dissect
>> 6 (Data) (size: 179)
>>   7 (Name) (size: 40)
>>     8 (GenericNameComponent) (size: 3) [[ndn]]
>>     8 (GenericNameComponent) (size: 2) [[CA]]
>>     8 (GenericNameComponent) (size: 4) [[INFO]]
>>     32 (KeywordNameComponent) (size: 8) [[metadata]]
>>     8 (GenericNameComponent) (size: 9) [[%FD%00%00%01v%E4%90%7C%E1]]
>>     8 (GenericNameComponent) (size: 2) [[%00%00]]
>>   20 (MetaInfo) (size: 3)
>>     25 (FreshnessPeriod) (size: 1) [[%0A]]
>>   21 (Content) (size: 28)
>>     7 (Name) (size: 26)
>>       8 (GenericNameComponent) (size: 3) [[ndn]]
>>       8 (GenericNameComponent) (size: 2) [[CA]]
>>       8 (GenericNameComponent) (size: 4) [[INFO]]
>>       8 (GenericNameComponent) (size: 9) [[%FD%00%00%01v%E3%FB%F2%3B]]
>>   22 (SignatureInfo) (size: 27)
>>     27 (SignatureType) (size: 1) [[%03]]
>>     28 (KeyLocator) (size: 22)
>>       7 (Name) (size: 20)
>>         8 (GenericNameComponent) (size: 3) [[ndn]]
>>         8 (GenericNameComponent) (size: 3) [[KEY]]
>>         8 (GenericNameComponent) (size: 8) [[e%9D%7F%A5%C5%81%10%7D]]
>>   23 (SignatureValue) (size: 71)
>>     48 (RESERVED_1) (size: 69)
>>       2 (ParametersSha256DigestComponent) (size: 32)
>> [[%02%9Cy%D6%3A%D3%B1%03%DC%B8%95%12%F6%3C%8A%85%B2%D7%BB%E2l%2B%B6%00%1A%BA%E8N%5B%D5%17%8D]]
>>       2 (ParametersSha256DigestComponent) (size: 33)
>> [[%00%81%82%EB%A5%B2%C1%F50t%8B%B5%07%1E%05%E7%F5%80%1E%2C%EB%EF%3C%9E%5B%D8%80%2C_%92%F8%CC%18]]
>>
>
> Oh, we didn't notice there is a new version for RDR.
> Maybe this reflects we also need to update the online doc (I remembered we
> follow the spec on Redmine).
> Will fix this.
>

There isn't a new version of RDR, but there's a new version of naming
convention that is published in 2019. NDNCERT 0.3 adopted this version of
naming convention since the beginning.



*Prefix announcement for issued certificates*
I haven't been able to request any certificate because of the naming
convention issue above, but I noticed that you are not announcing the
prefixes of issued certificates into routing. This makes it impossible to
complete certificate issuance workflow unless the NDNCERT requester is
directly connected to the host where the CA is running.
You should register a prefix for each issued certificate using its
certificate name or key name, and the registration must be origin=65 so
that routing daemon would pick it up.

See https://talks.ndn.today PersonalCA_20200529.pptx page 15-20 for more
explanation.
Also look at https://nlsr-status.ndn.today to see all the prefix
registrations, including many from my CA deployments.

Yours, Junxiao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20210110/cc50b4d6/attachment-0001.html>

More information about the Nfd-dev mailing list