[Nfd-dev] certificate for interacting with NDN testbed
Junxiao Shi
shijunxiao at email.arizona.edu
Thu Jun 2 15:20:30 PDT 2022
Hi Nikos
To use prefix propagation feature, your end host must be able to respond to
certificate retrieval Interests, including not only your own certificate,
but also every intermediate certificate in the chain.
Go to this page, download each certificate mentioned above, and save the
files in a folder.
https://ndncert.named-data.net/cert/list/html
Then, run ndn6-serve-certs command to serve these certificates.
https://github.com/yoursunny/ndn6-tools/blob/main/serve-certs.md
You can install ndn6-serve-certs either from source code, or from
ndn6-tools package available on https://nfd-nightly.ndn.today repository.
Yours, Junxiao
On Thu, Jun 2, 2022 at 17:57 Nikos Fotiou <fotiou at aueb.gr> wrote:
> Dear Junxiao,
>
> Indeed I tried again and it worked.
>
>
>
> I received a certificate from UMemphis and everything work as expected.
> But I have a problem with /ndn/gr/edu/mmlab1/.
>
> I installed a certificate for the prexif
> “/ndn/gr/edu/mmlab1/%40GUEST/fotiou%40aueb.gr” and my app that used to
> work now fails to propagate the prefix. In nfd console I see errors like
> the following:
>
>
>
> 1654203850.713789 DEBUG: [nfd.Forwarder] onIncomingInterest in=(262,0)
> interest=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY
>
> 1654203850.714001 DEBUG: [nfd.ContentStore] find
> /ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY no-match
>
> 1654203850.714157 DEBUG: [nfd.Forwarder] onContentStoreMiss
> interest=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY
>
> 1654203850.714413 DEBUG: [nfd.BestRouteStrategy2]
> /ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY?CanBePrefix&Nonce=063a7833
> from=(262,0) noNextHop
>
> 1654203850.714782 DEBUG: [nfd.Forwarder] onOutgoingNack out=262
> nack=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY~NoRoute OK
>
> 1654203850.715591 DEBUG: [nfd.Forwarder] onInterestFinalize
> interest=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY unsatisfied
>
> 1654203854.714271 DEBUG: [nfd.Forwarder] onIncomingInterest in=(262,0)
> interest=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY
>
> 1654203854.714609 DEBUG: [nfd.ContentStore] find
> /ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY no-match
>
> 1654203854.715022 DEBUG: [nfd.Forwarder] onContentStoreMiss
> interest=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY
>
> 1654203854.715156 DEBUG: [nfd.BestRouteStrategy2]
> /ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY?CanBePrefix&Nonce=109a721f
> from=(262,0) noNextHop
>
> 1654203854.715425 DEBUG: [nfd.Forwarder] onOutgoingNack out=262
> nack=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY~NoRoute OK
>
> 1654203854.716321 DEBUG: [nfd.Forwarder] onInterestFinalize
> interest=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY unsatisfied
>
> 1654203858.714413 DEBUG: [nfd.Forwarder] onIncomingInterest in=(262,0)
> interest=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY
>
> 1654203858.714740 DEBUG: [nfd.ContentStore] find
> /ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY no-match
>
> 1654203858.715035 DEBUG: [nfd.Forwarder] onContentStoreMiss
> interest=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY
>
> 1654203858.715158 DEBUG: [nfd.BestRouteStrategy2]
> /ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY?CanBePrefix&Nonce=94ae0e67
> from=(262,0) noNextHop
>
> 1654203858.715383 DEBUG: [nfd.Forwarder] onOutgoingNack out=262
> nack=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY~NoRoute OK
>
> 1654203858.716061 DEBUG: [nfd.Forwarder] onInterestFinalize
> interest=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY unsatisfied
>
> 1654203860.716052 DEBUG: [nfd.Readvertise] advertise
> /ndn/gr/edu/mmlab1/%40GUEST/fotiou%40aueb.gr failure request timed out
>
>
>
> The machine I am using is properly connected to the testbed ( I can do
> ndnping to testbed nodes) and I can see from ndnsec-ls-identity -vvv that “=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY”
> is the key that singed my certificate.
>
>
>
> * /ndn/gr/edu/mmlab1/%40GUEST/fotiou%40aueb.gr
>
> +->* /ndn/gr/edu/mmlab1/%40GUEST/fotiou%40aueb.gr/KEY/%BC%2Cj%FA%91K%C0w
>
> +->* /ndn/gr/edu/mmlab1/%40GUEST/fotiou%
> 40aueb.gr/KEY/%BC%2Cj%FA%91K%C0w/NA/v=1654200301902
>
> Certificate Name:
>
> /ndn/gr/edu/mmlab1/%40GUEST/fotiou%
> 40aueb.gr/KEY/%BC%2Cj%FA%91K%C0w/NA/v=1654200301902
>
> Additional Description:
>
> advisor:
>
> email: fotiou at aueb.gr
>
> fullname:
>
> group:
>
> homeurl:
>
> organization: Athens University of Economics and Business,
> Greece
>
> Public Key:
>
> Key Type: 256-bit EC
>
>
> MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6gHv39YElwoOuXMWVVk2LYpjsuwf
>
> AX0VxoTNy3sIqAbq3sTr6ctB7n336aw057JdPW90BZgygtsgDoI8HBoNqQ==
>
> Validity:
>
> Not Before: 2022-06-01T20:05:01
>
> Not After: 2023-06-02T20:05:01
>
> Signature Information:
>
> Signature Type: SignatureSha256WithEcdsa
>
> Key Locator: Name=/ndn/gr/edu/mmlab1/KEY/sq%ECC1%28%ACY
>
> +-> /ndn/gr/edu/mmlab1/%40GUEST/fotiou%
> 40aueb.gr/KEY/%BC%2Cj%FA%91K%C0w/self/v=1654200086756
>
> Certificate Name:
>
> /ndn/gr/edu/mmlab1/%40GUEST/fotiou%
> 40aueb.gr/KEY/%BC%2Cj%FA%91K%C0w/self/v=1654200086756
>
> Public Key:
>
> Key Type: 256-bit EC
>
>
> MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6gHv39YElwoOuXMWVVk2LYpjsuwf
>
> AX0VxoTNy3sIqAbq3sTr6ctB7n336aw057JdPW90BZgygtsgDoI8HBoNqQ==
>
> Validity:
>
> Not Before: 2022-06-02T20:01:26
>
> Not After: 2042-05-28T20:01:26
>
> Signature Information:
>
> Signature Type: SignatureSha256WithEcdsa
>
> Key Locator: Name=/ndn/gr/edu/mmlab1/%40GUEST/fotiou%
> 40aueb.gr/KEY/%BC%2Cj%FA%91K%C0w
>
> Self-Signed: yes
>
>
>
> Any idea what is happening?
>
>
>
> By the way, I didn’t have success with ndncert client: I never receive the
> verification code. I tried both nikosft at gmail.com (which corresponds to
> /ndn/com/gmail/nikosft) as well as fotiou at aueb.gr (which corresponds to
> /ndn/gr/edu/mmlab1/aueb/fotiou)
>
>
>
> Best,
>
> Nikos
>
>
>
> *From:* Junxiao Shi <shijunxiao at email.arizona.edu>
> *Sent:* Thursday, June 2, 2022 9:40 PM
> *To:* Nikos Fotiou <fotiou at aueb.gr>
> *Cc:* nfd-dev at lists.cs.ucla.edu
> *Subject:* Re: [Nfd-dev] certificate for interacting with NDN testbed
>
>
>
> Hi Nikos
>
>
>
> There's no known outage of NDNCERT-legacy website
> https://ndncert.named-data.net/ . The frontpage appears accessible at
> this moment.
>
> If you receive a server error on a specific HTTP request, please provide
> an HAR or SAZ capture.
>
> You can generate an HAR capture with Chrome devtools, in Network tab right
> click and select "Save all as HAR".
>
> You can generate a SAZ capture with Fiddler app.
>
>
>
> The "new" way to obtain NDN testbed certificate is through the NDNCERT 0.3
> protocol.
>
> See instructions for the C++ NDNCERT client:
> https://gist.github.com/tianyuan129/dc97822f263612dd2a4df288fcbb3bc7
>
> There are other clients available, but no instructions yet.
>
> Nevertheless, I anticipate that the NDNCERT-legacy website would stay
> operational in next few months.
>
>
>
> Yours, Junxiao
>
>
>
> On Thu, Jun 2, 2022 at 11:45 AM Nikos Fotiou via Nfd-dev <
> nfd-dev at lists.cs.ucla.edu> wrote:
>
> Hi,
>
>
>
> Some time ago we developed an NDN application that used NDN testbed. In
> order to interact with the testbed we obtained a certificate from
> https://ndncert.named-data.net However our certificate has expired and
> the ndncert web site seems unresponsive (it outputs “internal server
> error”). Is this a temporary glitch, or has the process for obtaining a
> certificate changed?
>
>
>
> Best,
>
> Nikos
>
>
>
> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
>
> Researcher - Mobile Multimedia Laboratory
>
> Athens University of Economics and Business
>
> https://mm.aueb.gr
>
>
>
> _______________________________________________
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu
> https://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20220602/3fefeda3/attachment-0001.html>
More information about the Nfd-dev
mailing list