Redesign Signed Interest and Command Interest to use Parameters
SignedInterest places a signature as part of the Interest name. Its extension CommandInterest adds protection against replay attacks by adding more name components.
Packet Format v0.3 introduces a Parameters element as part of the Interest. This issue is to design a new protocol that places signature and replay-protection fields into Parameters, so that the response Data does not need to send them back in the name.
#5 Updated by Junxiao Shi 3 months ago
On 20181202 call, I pointed out a significant problem with 4942,22:
The ParametersSha256DigestComponent is being used for two purposes: (1) identify Parameters (and possibly SignatureInfo) as basis of signing; (2) ensure every Interest has a different name during forwarding.
As a result, a malicious consumer could modify the SignatureValue and confuse PIT aggregation, triggering a denial-of-service attack that is impossible to detect from the network without having a universal trust schema.
My proposal to fix this problem is:
- For signing purpose, a digest over Parameters (if present) and SignatureInfo is appended temporarily to the name. This name is used for signing.
- After signing, a digest over Parameters (if present), SignatureInfo, and SignatureValue is put into the name and transmitted.