Yingdi Yu, 12/12/2014 10:43 PM


Signed Interest

Signed Interest is a mechanism to issue an authenticated interest.

The signature of a signed Interest packet is embedded into the last component of the Interest name.
The signature covers a continuous block starting from the first name component TLV to the penultimate name component TLV:

+-------------+----------+-----------------------------------------------------------------------------------+
|  Interest   | Interest | +------+--------+--------------------------------------------------+ +----------+ |
| Type (0x01) |  length  | | Name |  Name  | +---------+--   --+---------+---------+---------+| | Other    | |
|             |          | | Type | Length | |Component|  ...  |Component|Component|Component|| | TLVs ... | |
|             |          | |      |        | |  TLV 1  |       | TLV n-2 | TLV n-1 |  TLV n  || | in       | |
|             |          | |      |        | +---------+--   --+---------+---------+---------+| | Interest | |
|             |          | +------+--------+--------------------------------------------------+ +----------+ |
+-------------+----------+-----------------------------------------------------------------------------------+

                                             \                                    /\        /
                                              ----------------  ------------------  ---  ---
                                                              \/                       \/
                                                   Signed portion of Interest       Signature

More specifically, the SignedInterest is defined to have four additional components:

  • <timestamp>
  • <nonce>
  • <SignatureInfo>
  • <SignatureValue>

For example, for the name /signed/interest/name, CommandInterest will be defined as:

 /signed/interest/name/<timestamp>/<random-value>/<SignatureInfo>/<SignatureValue>

                      \                                                         /
                       -----------------------------  --------------------------
                                                    \/
                              Additional components of Signed Interest

Signed Interest specific Name components

Timestamp component (n-3 th)

The value of the n-3 th component is the Interest's timestamp (the millisecond offset from UTC 1970-01-01 00:00:00) encoded as a nonNegativeInteger.
The timestamp may be used to protect against replay attacks.

Nonce component (n-2 th)

The value of the n-2 th component is a random value (encoded as a nonNegativeInteger) that adds additional assurance that the Interest will be unique.

SignatureInfo component (n-1 th)

The value of the n-1 th component is actually a SignatureInfo TLV.

+---------+---------+-------------------+
|Component|Component| +---------------+ |
|   Type  |  Length | | SignatureInfo | |
|         |         | |      TLV      | |
|         |         | +---------------+ |
+---------+---------+-------------------+

|                                       |
|<---------The n-1 th Component-------->|

SignatureValue component (n th)

The value of the n th component is actually a SignatureValue TLV.

+---------+---------+--------------------+
|Component|Component| +----------------+ |
|   Type  |  Length | | SignatureValue | |
|         |         | |      TLV       | |
|         |         | +----------------+ |
+---------+---------+--------------------+

|                                        |
|<----------The n th Component---------->|

How a signed Interest is verified may vary among applications, depending on the application-specific communication model.
One possible processing style can be found here.
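
The name layout above, built and checked end to end, as an added example that is not part of the original page or of the NDN code base. Assumptions: the TLV-TYPE numbers and the HMAC SignatureType value come from the NDN packet format rather than this page, the function names are hypothetical, and the shared key, 60-second freshness window and "timestamp must increase" rule are one possible verification policy.

```python
import hashlib, hmac
# TLV-TYPE numbers as assigned in the NDN packet format (not listed on this page).
NAME_COMPONENT, SIG_INFO, SIG_VALUE, SIG_TYPE = 0x08, 0x16, 0x17, 0x1B
HMAC_SHA256 = 4  # SignatureType; assumption: HMAC keeps the demo stdlib-only

def tlv(t, value):
    """Encode one TLV; one-byte lengths (< 253) suffice for this demo."""
    if len(value) >= 253:
        raise ValueError("multi-byte TLV lengths are not handled in this demo")
    return bytes([t, len(value)]) + value

def untlv(buf):
    """Decode one TLV with a one-byte length; return (type, value)."""
    return (buf[0], buf[2:2 + buf[1]]) if len(buf) >= 2 else (None, b"")

def nni(v):
    """nonNegativeInteger: 1, 2, 4 or 8 big-endian bytes, shortest that fits."""
    size = next(s for s in (1, 2, 4, 8) if v < 1 << (8 * s))
    return v.to_bytes(size, "big")

def sign_name(prefix, key, ts_ms, nonce):
    """Return the component TLVs of the signed Interest name."""
    comps = [tlv(NAME_COMPONENT, c) for c in prefix]
    comps.append(tlv(NAME_COMPONENT, nni(ts_ms)))   # n-3: timestamp
    comps.append(tlv(NAME_COMPONENT, nni(nonce)))   # n-2: nonce
    info = tlv(SIG_INFO, tlv(SIG_TYPE, nni(HMAC_SHA256)))
    comps.append(tlv(NAME_COMPONENT, info))         # n-1: SignatureInfo
    signed = b"".join(comps)                        # component 1 .. n-1
    sig = hmac.new(key, signed, hashlib.sha256).digest()
    comps.append(tlv(NAME_COMPONENT, tlv(SIG_VALUE, sig)))  # n: SignatureValue
    return comps

def verify_name(comps, key, state, now_ms, window_ms=60_000):
    """Assumed policy: authenticate first, then require a fresh, increasing timestamp."""
    if len(comps) < 4:
        return "malformed"
    t, sig = untlv(untlv(comps[-1])[1])
    if t != SIG_VALUE:
        return "malformed"
    expected = hmac.new(key, b"".join(comps[:-1]), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return "bad-signature"
    ts = int.from_bytes(untlv(comps[-4])[1], "big")
    if abs(now_ms - ts) > window_ms:
        return "stale"
    if ts <= state.get("last_ts", -1):
        return "replay"
    state["last_ts"] = ts
    return "ok"
```

The timestamp is read only after the signature check passes, so an unauthenticated sender cannot advance the receiver's `last_ts` state.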
