[Nfd-dev] [EXT]Re: Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today

Zhiyi Zhang zhiyi at cs.ucla.edu
Fri Jan 22 15:52:52 PST 2021 

On Fri, Jan 22, 2021 at 12:55 PM Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Hi Zhiyi
>
> There are still erroneous packets starting with /ndn/CA in the
> /localhost/repo-ng repository.
> To check that, go to https://suns.cs.ucla.edu/n/ , on "Routes" tab select
> "/ndn/CA" prefix. It should show only one nexthop pointing to the CA
> program.
> Currently it's showing two nexthops: a repo-ng instance and the CA program.
>
> Please delete the erroneous packets.
> If you are sure no erroneous packet exists, try restarting the repo-ng
> service and see whether the prefix registration clears up.
>

I delete the packet from the SQLite database operation.
I think I will need to restart it to reflect the change.


> Another problem is, the CA program is not responding to certificate
> retrieval Interests that carry the implicit digest component.
> This needs to be fixed in the CA program.
>
> https://github.com/Zhiyi-Zhang/ndncert/blob/aa60c96f609ba4a3c92344c77bbb63e6d7e116fa/tools/ndncert-ca-server.cpp#L152
>

Okay. I think I will need to use getFullName instead of getName()

Best,
Zhiyi

>
>
> Yours, Junxiao
>
> On Fri, Jan 22, 2021 at 2:18 PM Zhiyi Zhang <zhiyi at cs.ucla.edu> wrote:
>
>> *External Email*
>> Hi Junxiao and John,
>>
>> As discussed during the NFD call:
>> * I just brought the NDNCERT back online without the dependencies on the
>> repo.
>> * Now the profile and published certs are kept by the NDNCERT CA tool. I
>> replaced map with a fixed size queue to prevent the cache from going
>> infinitely large.
>> * I've deleted the profile data from the repo
>>
>> @John Then, there is no need to set up a new repo-ng.
>> Thank you so much.
>>
>> Best,
>> Zhiyi
>>
>> On Fri, Jan 22, 2021 at 10:01 AM Junxiao Shi <
>> shijunxiao at email.arizona.edu> wrote:
>>
>>> Hi Zhiyi
>>>
>>> repo-ng at /localhost/repo-ng listens on TCP port 7376.
>>>
>>> https://github.com/WU-ARL/NDN_Ansible/blob/da31ed28c65c1e94a688070fc9be4ae74e4f6645/roles/repo-ng/templates/repo-ng.conf.j2#L35
>>> It has registration-subset=3.
>>>
>>> repo-ng at /localhost/repo-ng-2 listens on TCP port 7377.
>>>
>>> https://github.com/WU-ARL/NDN_Ansible/blob/da31ed28c65c1e94a688070fc9be4ae74e4f6645/roles/repo-ng/templates/repo-ng-2.conf.j2#L32
>>> It has registration-subset disabled.
>>>
>>> ndn-python-repo listens on TCP port 7378.
>>>
>>> https://github.com/WU-ARL/NDN_Ansible/blob/da31ed28c65c1e94a688070fc9be4ae74e4f6645/roles/ndn-python-repo/templates/ndn-python-repo.conf.j2#L26
>>>
>>> As explained in
>>> https://www.lists.cs.ucla.edu/pipermail/nfd-dev/2021-January/004238.html
>>> , you need another instance of repo-ng with registration-subset=0 to
>>> publish your CA profile and issued certificates.
>>>
>>> Yours, Junxiao
>>>
>>> On Fri, Jan 22, 2021 at 12:54 PM Zhiyi Zhang <zhiyi at cs.ucla.edu> wrote:
>>>
>>>> *External Email*
>>>> Hi John,
>>>>
>>>> Could you also let me know the port number of different running
>>>> instances of repo? because NDNCERT is using TCP Bulk to insert packets to
>>>> repo.
>>>>
>>>> Best,
>>>> Zhiyi
>>>>
>>>> On Fri, Jan 22, 2021 at 8:34 AM Dehart, John <jdd at wustl.edu> wrote:
>>>>
>>>>>
>>>>> Looks like there was no ‘Restart’  entry in the systemd file for the
>>>>> python repo.
>>>>> I’ve added that and we’ll see if it does better.
>>>>>
>>>>> John
>>>>>
>>>>>
>>>>> On Jan 22, 2021, at 10:21 AM, Dehart, John via Nfd-dev <
>>>>> nfd-dev at lists.cs.ucla.edu> wrote:
>>>>>
>>>>>
>>>>>
>>>>> I’ll take a look at the repo issue. All testbed nodes should be
>>>>> running both repo-ng and python repo.
>>>>> Maybe its a systemd issue.
>>>>>
>>>>> John
>>>>>
>>>>> On Jan 20, 2021, at 9:38 PM, Zhiyi Zhang <zhiyi at cs.ucla.edu> wrote:
>>>>>
>>>>> Yeah. I found the repo is not running on the Suns: ERROR: Cannot
>>>>> publish certificate to repo-ng (Connection refused)
>>>>>
>>>>> @Lixia do you know who should I contact to deploy the repo? and which
>>>>> repo should be used?
>>>>>
>>>>> I just bring back the NDNCERT without the parameter to publish to the
>>>>> repo. After people figure out the repo deployment, I will update the
>>>>> parameter used in NDNCERT service.
>>>>>
>>>>> Best,
>>>>> Zhiyi
>>>>>
>>>>> On Wed, Jan 20, 2021 at 11:11 AM Junxiao Shi <
>>>>> shijunxiao at email.arizona.edu> wrote:
>>>>>
>>>>>> Hi Zhiyi
>>>>>>
>>>>>> As you mentioned on the 2021-01-15 NFD call, you have updated the
>>>>>> deployment to use 2019 Naming Convention.
>>>>>> However, I'm now unable to retrieve the CA profile - the CA is not
>>>>>> responding at all.
>>>>>>
>>>>>> $ ndnpeek -Pf /ndn/CA/INFO/32=metadata
>>>>>> $ echo $?
>>>>>> 3
>>>>>>
>>>>>> Wireshark and NFD counters indicate that the Interest has arrived on
>>>>>> suns.cs.ucla.edu, but there's no response.
>>>>>>
>>>>>> Yours, Junxiao
>>>>>>
>>>>>
>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20210122/3c129fd5/attachment-0001.html>

More information about the Nfd-dev mailing list