Project

General

Profile

Actions

Feature #1814

closed

Secure localhost data retrieval through NFD

Added by Yingdi Yu over 10 years ago. Updated almost 10 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Forwarding
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Some localhost applications (such NRD, PIB) may produce data packets.
Consider the high volume of produced data packets, it would be too expensive to sign every data packet.
Therefore, it would be useful to have another mechanism to authenticate data without signature.

One solution to the problem could be relying on NFD forwarding to "authenticate" the data produced by localhost applications.
Specifically, since authentication is required to register /localhost/nrd, NFD can associate the prefix to the face of NRD.
As a result, if we can trust NFD to forward NRD interests only to the face of NRD and trust NFD to reject a data packet with the prefix /localhost/nrd when it is not received from the face of NRD, then we can safely assume that all NRD data are actually produced by NRD, and no authentication is required any more. Same for PIB (/localhost/pib).

With the solution above, localhost applications (such as NRD, PIB) does not have sign their data, and other applications talking to them does not have to verify the data neither.

Actions

Also available in: Atom PDF