[Nfd-dev] [EXT]Re: Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today

Fri Jan 22 11:18:13 PST 2021

Hi Junxiao and John,

As discussed during the NFD call:
* I just brought the NDNCERT back online without the dependencies on the
repo.
* Now the profile and published certs are kept by the NDNCERT CA tool. I
replaced map with a fixed size queue to prevent the cache from going
infinitely large.
* I've deleted the profile data from the repo

@John Then, there is no need to set up a new repo-ng.
Thank you so much.

Best,
Zhiyi

On Fri, Jan 22, 2021 at 10:01 AM Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Hi Zhiyi
>
> repo-ng at /localhost/repo-ng listens on TCP port 7376.
>
> https://github.com/WU-ARL/NDN_Ansible/blob/da31ed28c65c1e94a688070fc9be4ae74e4f6645/roles/repo-ng/templates/repo-ng.conf.j2#L35
> It has registration-subset=3.
>
> repo-ng at /localhost/repo-ng-2 listens on TCP port 7377.
>
> https://github.com/WU-ARL/NDN_Ansible/blob/da31ed28c65c1e94a688070fc9be4ae74e4f6645/roles/repo-ng/templates/repo-ng-2.conf.j2#L32
> It has registration-subset disabled.
>
> ndn-python-repo listens on TCP port 7378.
>
> https://github.com/WU-ARL/NDN_Ansible/blob/da31ed28c65c1e94a688070fc9be4ae74e4f6645/roles/ndn-python-repo/templates/ndn-python-repo.conf.j2#L26
>
> As explained in
> https://www.lists.cs.ucla.edu/pipermail/nfd-dev/2021-January/004238.html
> , you need another instance of repo-ng with registration-subset=0 to
> publish your CA profile and issued certificates.
>
> Yours, Junxiao
>
> On Fri, Jan 22, 2021 at 12:54 PM Zhiyi Zhang <zhiyi at cs.ucla.edu> wrote:
>
>> *External Email*
>> Hi John,
>>
>> Could you also let me know the port number of different running instances
>> of repo? because NDNCERT is using TCP Bulk to insert packets to repo.
>>
>> Best,
>> Zhiyi
>>
>> On Fri, Jan 22, 2021 at 8:34 AM Dehart, John <jdd at wustl.edu> wrote:
>>
>>>
>>> Looks like there was no ‘Restart’  entry in the systemd file for the
>>> python repo.
>>> I’ve added that and we’ll see if it does better.
>>>
>>> John
>>>
>>>
>>> On Jan 22, 2021, at 10:21 AM, Dehart, John via Nfd-dev <
>>> nfd-dev at lists.cs.ucla.edu> wrote:
>>>
>>>
>>>
>>> I’ll take a look at the repo issue. All testbed nodes should be running
>>> both repo-ng and python repo.
>>> Maybe its a systemd issue.
>>>
>>> John
>>>
>>> On Jan 20, 2021, at 9:38 PM, Zhiyi Zhang <zhiyi at cs.ucla.edu> wrote:
>>>
>>> Yeah. I found the repo is not running on the Suns: ERROR: Cannot publish
>>> certificate to repo-ng (Connection refused)
>>>
>>> @Lixia do you know who should I contact to deploy the repo? and which
>>> repo should be used?
>>>
>>> I just bring back the NDNCERT without the parameter to publish to the
>>> repo. After people figure out the repo deployment, I will update the
>>> parameter used in NDNCERT service.
>>>
>>> Best,
>>> Zhiyi
>>>
>>> On Wed, Jan 20, 2021 at 11:11 AM Junxiao Shi <
>>> shijunxiao at email.arizona.edu> wrote:
>>>
>>>> Hi Zhiyi
>>>>
>>>> As you mentioned on the 2021-01-15 NFD call, you have updated the
>>>> deployment to use 2019 Naming Convention.
>>>> However, I'm now unable to retrieve the CA profile - the CA is not
>>>> responding at all.
>>>>
>>>> $ ndnpeek -Pf /ndn/CA/INFO/32=metadata
>>>> $ echo $?
>>>> 3
>>>>
>>>> Wireshark and NFD counters indicate that the Interest has arrived on
>>>> suns.cs.ucla.edu, but there's no response.
>>>>
>>>> Yours, Junxiao
>>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20210122/2bd6226a/attachment.html>