SignedInterest » History » Revision 4

Junxiao Shi, 12/13/2014 10:36 PM


Signed Interest

Signed Interest is a mechanism to issue an authenticated Interest.

The signature of a signed Interest packet is embedded into the last component of the Interest name.
The signature covers a contiguous block starting from the first name component TLV and ending with the penultimate name component TLV:

+-------------+----------+-----------------------------------------------------------------------------------+
|  Interest   | Interest | +------+--------+--------------------------------------------------+ +----------+ |
| Type (0x01) |  length  | | Name |  Name  | +---------+--   --+---------+---------+---------+| | Other    | |
|             |          | | Type | Length | |Component|  ...  |Component|Component|Component|| | TLVs ... | |
|             |          | |      |        | |  TLV 1  |       | TLV n-2 | TLV n-1 |  TLV n  || | in       | |
|             |          | |      |        | +---------+--   --+---------+---------+---------+| | Interest | |
|             |          | +------+--------+--------------------------------------------------+ +----------+ |
+-------------+----------+-----------------------------------------------------------------------------------+

                                             \                                    /\        /
                                              ----------------  ------------------  ---  ---
                                                              \/                       \/
                                                   Signed portion of Interest       Signature

More specifically, a Signed Interest is defined to have four additional name components:

  • <timestamp>
  • <nonce>
  • <SignatureInfo>
  • <SignatureValue>

For example, for the name /signed/interest/name, the CommandInterest will be defined as:

 /signed/interest/name/<timestamp>/<random-value>/<SignatureInfo>/<SignatureValue>

                      \                                                         /
                       -----------------------------  --------------------------
                                                    \/
                              Additional components of Signed Interest

Signed Interest specific Name components

Timestamp component (n-3 th)

The value of the n-3 th component is the Interest's timestamp (in milliseconds since UTC 1970-01-01 00:00:00) encoded as nonNegativeInteger.
The timestamp may be used to protect against replay attacks.

Nonce component (n-2 th)

The value of the n-2 th component is a random value (encoded as nonNegativeInteger) that adds additional assurance that the Interest will be unique.

SignatureInfo component (n-1 th)

The value of the n-1 th component is actually a SignatureInfo TLV.

+---------+---------+-------------------+
|Component|Component| +---------------+ |
|   Type  |  Length | | SignatureInfo | |
|         |         | |      TLV      | |
|         |         | +---------------+ |
+---------+---------+-------------------+

|                                       |
|<---------The n-1 th Component-------->|

SignatureValue component (n th)

The value of the n th component is actually a SignatureValue TLV.

+---------+---------+--------------------+
|Component|Component| +----------------+ |
|   Type  |  Length | | SignatureValue | |
|         |         | |      TLV       | |
|         |         | +----------------+ |
+---------+---------+--------------------+

|                                        |
|<----------The n th Component---------->|

Signed Interest Processing

How a signed Interest is verified may vary among applications, depending on the application-specific communication model.
One possible processing style can be found here.
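
The layout above, worked through as an added example (not code from this page or from the NDN project): it builds the name component TLVs, signs component TLV 1 through n-1, and verifies by recomputing over the same bytes and checking the timestamp. Assumptions: the TLV type numbers and the HMAC-SHA256 signature type are taken from the NDN packet format rather than from this page, and the key, the 60-second freshness window and the function names are hypothetical.

```python
import hashlib, hmac, struct

# TLV type numbers from the NDN packet format (assumed; not listed on this page).
NAME_COMPONENT, SIG_INFO, SIG_VALUE, SIG_TYPE = 0x08, 0x16, 0x17, 0x1B
HMAC_SHA256 = 4  # SignatureType code for SignatureHmacWithSha256 (assumed algorithm)

def tlv(t, value):
    # One-byte type and length suffice for this demo (values under 253 bytes).
    assert t < 253 and len(value) < 253
    return bytes([t, len(value)]) + value

def nni(n):
    # nonNegativeInteger: 1, 2, 4 or 8 bytes, big-endian, shortest that fits.
    for fmt, limit in ((">B", 1 << 8), (">H", 1 << 16), (">I", 1 << 32)):
        if n < limit:
            return struct.pack(fmt, n)
    return struct.pack(">Q", n)

SIG_INFO_TLV = tlv(SIG_INFO, tlv(SIG_TYPE, nni(HMAC_SHA256)))

def sign(prefix, key, now_ms, nonce):
    # Signed portion = component TLV 1 .. n-1 (prefix, timestamp, nonce, SignatureInfo).
    signed = b"".join(tlv(NAME_COMPONENT, c) for c in prefix + [nni(now_ms), nni(nonce), SIG_INFO_TLV])
    sig_value = tlv(SIG_VALUE, hmac.new(key, signed, hashlib.sha256).digest())
    return signed + tlv(NAME_COMPONENT, sig_value)  # component n carries the signature

def split_components(buf):
    # Return each name component TLV as raw bytes (type, length and value).
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] >= 253 or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("malformed component TLV")
        out.append(buf[i:i + 2 + buf[i + 1]])
        i += len(out[-1])
    return out

def verify(name, key, now_ms, max_skew_ms=60_000):
    comps = split_components(name)
    if len(comps) < 4 or comps[-2][2:] != SIG_INFO_TLV:
        return False
    sig_value = comps[-1][2:]  # value of component n is a SignatureValue TLV
    expected = hmac.new(key, b"".join(comps[:-1]), hashlib.sha256).digest()
    if sig_value[:2] != bytes([SIG_VALUE, 32]) or not hmac.compare_digest(sig_value[2:], expected):
        return False
    timestamp = int.from_bytes(comps[-4][2:], "big")  # component n-3
    return abs(now_ms - timestamp) <= max_skew_ms  # reject stale (replayed) Interests

if __name__ == "__main__":
    key, t0 = b"constructed-demo-key", 1418510160000  # constructed sample values
    name = sign([b"signed", b"interest", b"name"], key, t0, 0x1234)
    print(verify(name, key, t0 + 5_000), verify(name, key, t0 + 120_000))
```

Because the signature is computed over the raw component TLV bytes, the verifier hashes the received bytes directly instead of re-encoding parsed values.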

Updated by Junxiao Shi almost 10 years ago · 6 revisions