Task #1204

Redesign of signing process / Per-instance signing keys

Added by Alex Afanasyev almost 7 years ago. Updated about 6 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


Signing process should not directly use TPM-based signing in KeyChain to sign all Data and Interests. Instead, there should be an API to generate a key pair and a (properly signed) certificate for the running instance of the application.

This task also includes figuring out the way to store/exchange the per-instance certificate. For example, should it be published or be available only during application instance active time?


Updated by Junxiao Shi over 6 years ago

  • Description updated (diff)

Certificates must be published. Otherwise, Data cannot be verified once the certificate is gone.

Publishing per-instance certificates is expensive, especially for short-lived producers.
If ndn-tlv-poke is called once per minutes, it's 1440 certificates per day.

Per-instance signing are suitable for a few apps that (1) are long-lived producers (2) Data are not useful beyond producer lifetime.
It should not be the default signing method in the library.


Updated by Alex Afanasyev over 6 years ago

For applications such as ndn-tlv-ping (real-time-like apps when data is not longer useful after application stops), publishing can be accomplished with the result of task #1480

For other types of Data, I agree that we need to define a way (and where) to publish certificates.


Updated by Junxiao Shi over 6 years ago

  • Category set to Security

Updated by Junxiao Shi about 6 years ago

One solution to the certificate publishing problem is #1529.

However, as pointed out in note-1, this is unsuitable for short-lived producers.

Also available in: Atom PDF