SignedInterest » History » Revision 3
Yingdi Yu, 12/12/2014 10:43 PM
Signed Interest
Signed Interest is a mechanism to issue an authenticated interest.
The signature of a signed Interest packet is embedded into the last component of the Interest name.
The signature covers a continuous block starting from the first name component TLV to the penultimate name component TLV:
+-------------+----------+-----------------------------------------------------------------------------------+
|  Interest   | Interest | +------+--------+--------------------------------------------------+ +----------+ |
| Type (0x01) |  length  | | Name |  Name  | +---------+--   --+---------+---------+---------+| |  Other   | |
|             |          | | Type | Length | |Component|  ...  |Component|Component|Component|| | TLVs ... | |
|             |          | |      |        | |  TLV 1  |       | TLV n-2 | TLV n-1 |  TLV n  || |    in    | |
|             |          | |      |        | +---------+--   --+---------+---------+---------+| | Interest | |
|             |          | +------+--------+--------------------------------------------------+ +----------+ |
+-------------+----------+-----------------------------------------------------------------------------------+
                                             \                                    /\         /
                                              ----------------  ------------------  ---   ---
                                                              \/                       \/
                                                  Signed portion of Interest        Signature
More specifically, the SignedInterest is defined to have four additional components:
<timestamp>
<nonce>
<SignatureInfo>
<SignatureValue>
For example, for the name /signed/interest/name, CommandInterest will be defined as:
/signed/interest/name/<timestamp>/<random-value>/<SignatureInfo>/<SignatureValue>
                     \                                                          /
                      -----------------------------  ---------------------------
                                                   \/
                                Additional components of Signed Interest
Signed Interest specific Name components
Timestamp component (n-3 th)
The value of the n-3 th component is the Interest's timestamp (the offset in milliseconds from UTC 1970-01-01 00:00:00), encoded as nonNegativeInteger.
The timestamp may be used to protect against replay attacks.
Nonce component (n-2 th)
The value of the n-2 th component is a random value (encoded as nonNegativeInteger) that adds additional assurance that the Interest will be unique.
SignatureInfo component (n-1 th)
The value of the n-1 th component is actually a SignatureInfo TLV.
+---------+---------+-------------------+
|Component|Component| +---------------+ |
|   Type  |  Length | | SignatureInfo | |
|         |         | |      TLV      | |
|         |         | +---------------+ |
+---------+---------+-------------------+
|                                       |
|<---------The n-1 th Component-------->|
SignatureValue component (n th)
The value of the n th component is actually a SignatureValue TLV.
+---------+---------+--------------------+
|Component|Component| +----------------+ |
|   Type  |  Length | | SignatureValue | |
|         |         | |      TLV       | |
|         |         | +----------------+ |
+---------+---------+--------------------+
|                                        |
|<----------The n th Component---------->|
How a signed Interest is verified may vary among applications, depending on the application-specific communication model.
One possible processing style can be found here.
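The component layout described above can be walked mechanically. The following is an added example, not code from this wiki or from the NDN project: it splits the value of a Name TLV into the signed byte range and the four extra components. The function names, the sample bytes, and the TLV type numbers 8, 0x16 and 0x17 (taken from the NDN packet format, not from this page) are assumptions.

```python
# Added example: helper names and the SAMPLE bytes below are constructed here.
def read_var(buf, pos):
    """Read one TLV type or length number (NDN variable-length encoding)."""
    if pos >= len(buf):
        raise ValueError("truncated TLV")
    first, pos = buf[pos], pos + 1
    if first < 253:
        return first, pos
    size = {253: 2, 254: 4, 255: 8}[first]
    if pos + size > len(buf):
        raise ValueError("truncated TLV")
    return int.from_bytes(buf[pos:pos + size], "big"), pos + size

def components(name_value):
    """Return (start, end, value) for each component TLV inside a Name."""
    out, pos = [], 0
    while pos < len(name_value):
        start = pos
        _type, pos = read_var(name_value, pos)
        length, pos = read_var(name_value, pos)
        if pos + length > len(name_value):
            raise ValueError("component overruns the Name")
        out.append((start, pos + length, name_value[pos:pos + length]))
        pos += length
    return out

def non_negative_integer(value):
    if len(value) not in (1, 2, 4, 8):
        raise ValueError("nonNegativeInteger must be 1, 2, 4 or 8 bytes")
    return int.from_bytes(value, "big")

def split_signed_interest(name_value):
    """Split a Name's value into the signed bytes and the four extra fields."""
    comps = components(name_value)
    if len(comps) < 4:
        raise ValueError("a signed Interest needs at least four components")
    ts, nonce, info, sig = comps[-4:]
    return {"signed_portion": name_value[:sig[0]],  # TLV 1 .. TLV n-1, as received
            "timestamp_ms": non_negative_integer(ts[2]),
            "nonce": non_negative_integer(nonce[2]),
            "signature_info": info[2],    # a SignatureInfo TLV
            "signature_value": sig[2]}    # a SignatureValue TLV

def tlv(t, value):  # builds the constructed sample; lengths below 253 only
    return bytes([t, len(value)]) + value
SAMPLE = b"".join(tlv(8, v) for v in (
    b"signed", b"interest", b"name",
    (1418424180000).to_bytes(8, "big"), (0x1A2B3C4D).to_bytes(4, "big"),
    tlv(0x16, b"placeholder-info"), tlv(0x17, b"\xaa" * 32)))
```

The signature check belongs over `signed_portion` exactly as received on the wire, since re-encoding the name before verifying can change the bytes that were signed.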
Updated by Yingdi Yu over 9 years ago · 3 revisions