Revision 3 (Yingdi Yu, 12/12/2014 10:43 PM) → Revision 4/7 (Junxiao Shi, 12/13/2014 10:36 PM)
Signed Interest
===============
**Signed Interest** is a mechanism to issue an authenticated interest.
The signature of a signed Interest packet is embedded into the last component of the Interest name.
The signature covers a contiguous block starting from the first name component TLV and ending with the penultimate name component TLV:
```
+-------------+----------+-----------------------------------------------------------------------------------+
|  Interest   | Interest | +------+--------+--------------------------------------------------+ +----------+ |
| Type (0x01) |  length  | | Name |  Name  | +---------+--   --+---------+---------+---------+| | Other    | |
|             |          | | Type | Length | |Component|  ...  |Component|Component|Component|| | TLVs ... | |
|             |          | |      |        | |  TLV 1  |       | TLV n-2 | TLV n-1 |  TLV n  || | in       | |
|             |          | |      |        | +---------+--   --+---------+---------+---------+| | Interest | |
|             |          | +------+--------+--------------------------------------------------+ +----------+ |
+-------------+----------+-----------------------------------------------------------------------------------+
                                             \                                    /\        /
                                              ----------------  ------------------  ---  ---
                                                              \/                       \/
                                                  Signed portion of Interest        Signature
```
More specifically, the SignedInterest is defined to have four additional components:
* ``<timestamp>``
* ``<nonce>``
* ``<SignatureInfo>``
* ``<SignatureValue>``
For example, for the name ``/signed/interest/name``, the signed Interest is defined as:
```
/signed/interest/name/<timestamp>/<random-value>/<SignatureInfo>/<SignatureValue>
                     \                                                         /
                      -----------------------------  --------------------------
                                                   \/
                                Additional components of Signed Interest
```
## Signed Interest specific Name components
### Timestamp component (n-3 *th*)
The value of the n-3 *th* component is the Interest's timestamp (the millisecond offset from UTC 1970-01-01 00:00:00), encoded as [nonNegativeInteger](http://named-data.net/doc/ndn-tlv/tlv.html#non-negative-integer-encoding).
The timestamp may be used to protect against replay attacks.
### Nonce component (n-2 *th*)
The value of the n-2 *th* component is a random value (encoded as [nonNegativeInteger](http://named-data.net/doc/ndn-tlv/tlv.html#non-negative-integer-encoding)) that adds assurance that the Interest will be unique.
### SignatureInfo component (n-1 *th*)
The value of the n-1 *th* component is actually a [SignatureInfo](http://named-data.net/doc/ndn-tlv/signature.html) TLV.
```
+---------+---------+-------------------+
|Component|Component| +---------------+ |
|   Type  |  Length | | SignatureInfo | |
|         |         | |      TLV      | |
|         |         | +---------------+ |
+---------+---------+-------------------+
|                                       |
|<---------The n-1 th Component-------->|
```
### SignatureValue component (n *th*)
The value of the n *th* component is actually a [SignatureValue](http://named-data.net/doc/ndn-tlv/signature.html) TLV.
```
+---------+---------+--------------------+
|Component|Component| +----------------+ |
|   Type  |  Length | | SignatureValue | |
|         |         | |      TLV       | |
|         |         | +----------------+ |
+---------+---------+--------------------+
|                                        |
|<----------The n th Component---------->|
```
## Signed Interest Processing
How a signed Interest is verified may vary among applications, depending on the application-specific communication model.
One possible processing style can be found [here](http://redmine.named-data.net/projects/ndn-cxx/wiki/SignedInterestProcessing).
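
The name layout above, worked through as an added example (not code from this page or from ndn-cxx): it appends the four components to a prefix, hashes component TLV 1 through TLV n-1, and re-checks that digest plus a timestamp window. Assumptions: the TLV type numbers are taken from the NDN packet format specification, the signature is DigestSha256 (a keyless digest that shows which bytes are covered but authenticates nobody), and the function names and the 60-second window are hypothetical.

```python
import hashlib
import hmac

# TLV-TYPE numbers from the NDN packet format spec (assumed; not listed on this page)
NAME_COMPONENT, SIGNATURE_INFO, SIGNATURE_VALUE, SIGNATURE_TYPE = 0x08, 0x16, 0x17, 0x1B

def var_number(n):
    """Variable-length number used for TLV-TYPE and TLV-LENGTH."""
    if n < 253:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "big")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "big")
    return b"\xff" + n.to_bytes(8, "big")

def tlv(tlv_type, value):
    return var_number(tlv_type) + var_number(len(value)) + value

def non_negative_integer(n):
    """Shortest of the 1, 2, 4 or 8 byte big-endian encodings."""
    for size in (1, 2, 4, 8):
        if n < (1 << (8 * size)):
            return n.to_bytes(size, "big")
    raise ValueError("does not fit in 8 bytes")

# SignatureInfo carrying SignatureType 0 (DigestSha256): integrity only, no key
DIGEST_INFO = tlv(SIGNATURE_INFO, tlv(SIGNATURE_TYPE, non_negative_integer(0)))

def signed_portion(values):
    """Component TLV 1 .. TLV n-1 concatenated: the bytes the signature covers."""
    return b"".join(tlv(NAME_COMPONENT, v) for v in values[:-1])

def sign(prefix, timestamp_ms, nonce):
    """Append <timestamp>/<nonce>/<SignatureInfo>/<SignatureValue> to the prefix values."""
    values = [*prefix, non_negative_integer(timestamp_ms),
              non_negative_integer(nonce), DIGEST_INFO, b""]
    values[-1] = tlv(SIGNATURE_VALUE, hashlib.sha256(signed_portion(values)).digest())
    return values

def verify(values, now_ms, max_age_ms=60_000):
    """Recompute the digest and apply a freshness window (window size is an assumption)."""
    if len(values) < 4 or values[-2] != DIGEST_INFO:
        return False
    expected = tlv(SIGNATURE_VALUE, hashlib.sha256(signed_portion(values)).digest())
    fresh = abs(now_ms - int.from_bytes(values[-4], "big")) <= max_age_ms
    return fresh and hmac.compare_digest(values[-1], expected)

# Constructed sample: /signed/interest/name with a fixed timestamp and nonce
SAMPLE = sign([b"signed", b"interest", b"name"], 1418510160000, 0x1234)
```

Because the timestamp, nonce and SignatureInfo components sit inside the signed portion, changing any of them invalidates the SignatureValue; a timestamp window by itself still admits a replay inside the window unless the verifier also remembers what it has already accepted.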