SignedInterest » History » Revision 4
« Previous |
Revision 4/7
(diff)
| Next »
Junxiao Shi, 12/13/2014 10:36 PM
Signed Interest¶
Signed Interest is a mechanism to issue an authenticated interest.
The signature of a signed Interest packet is embedded into the last component of the Interest name.
The signature covers a continuous block starting from the first name component TLV to the penultimate name component TLV:
+-------------+----------+-----------------------------------------------------------------------------------+
| Interest | Interest | +------+--------+--------------------------------------------------+ +----------+ |
| Type (0x01) | length | | Name | Name | +---------+-- --+---------+---------+---------+| | Other | |
| | | | Type | Length | |Component| ... |Component|Component|Component|| | TLVs ... | |
| | | | | | | TLV 1 | | TLV n-2 | TLV n-1 | TLV n || | in | |
| | | | | | +---------+-- --+---------+---------+---------+| | Interest | |
| | | +------+--------+--------------------------------------------------+ +----------+ |
+-------------+----------+-----------------------------------------------------------------------------------+
\ /\ /
---------------- ------------------ --- ---
\/ \/
Signed portion of Interest Signature
More specifically, the SignedInterest is defined to have four additional components:
<timestamp>
<nonce>
<SignatureInfo>
<SignatureValue>
For example, for /signed/interest/name
name, CommandInterest will be defined as:
/signed/interest/name/<timestamp>/<random-value>/<SignatureInfo>/<SignatureValue>
\ /
----------------------------- --------------------------
\/
Additional components of Signed Interest
Signed Interest specific Name components¶
Timestamp component (n-3 th)¶
The value of the n-3 th component is the interest's timestamp (in terms of millisecond offset from UTC 1970-01-01 00:00:00) encoded as nonNegativeInteger.
The timestamp may be used to protect against replay attack.
Nonce component (n-2 th)¶
The value of the n-2 th component is random value (encoded as nonNegativeInteger) that adds additional assurances that the interest will be unique.
SignatureInfo component (n-1 th)¶
The value of the n-1 th component is actually a SignatureInfo TLV.
+---------+---------+-------------------+
|Component|Component| +---------------+ |
| Type | Length | | SignatureInfo | |
| | | | TLV | |
| | | +---------------+ |
+---------+---------+-------------------+
| |
|<---------The n-1 th Component-------->|
SignatureValue component (n th)¶
The value of the n th component is actually a SignatureValue TLV.
+---------+---------+--------------------+
|Component|Component| +----------------+ |
| Type | Length | | SignatureValue | |
| | | | TLV | |
| | | +----------------+ |
+---------+---------+--------------------+
| |
|<----------The n th Component---------->|
Signed Interest Processing¶
How to verify signed interest may vary among applications, depending on the application specific communication model.
One possible processing style can be found here.
Updated by Junxiao Shi almost 10 years ago · 6 revisions