SignedInterest » History » Version 7
Davide Pesavento, 06/15/2023 12:04 AM
| 1 | 7 | Davide Pesavento | **DEPRECATED**: *This document describes a deprecated format for signed Interest packets. The current format can be found in the [NDN Packet Specification](https://docs.named-data.net/NDN-packet-spec/0.3/signed-interest.html).* |
|---|---|---|---|
| 2 | |||
| 3 | --- |
||
| 4 | |||
| 5 | 1 | Yingdi Yu | Signed Interest |
| 6 | 6 | Davide Pesavento | =============== |
| 7 | |||
| 8 | 1 | Yingdi Yu | **Signed Interest** is a mechanism to issue an authenticated interest. |
| 9 | |||
| 10 | The signature of a signed Interest packet is embedded into the last component of the Interest name. |
||
| 11 | The signature covers a continuous block starting from the first name component TLV to the penultimate name component TLV: |
||
| 12 | |||
| 13 | +-------------+----------+-----------------------------------------------------------------------------------+ |
||
| 14 | | Interest | Interest | +------+--------+--------------------------------------------------+ +----------+ | |
||
| 15 | | Type (0x01) | length | | Name | Name | +---------+-- --+---------+---------+---------+| | Other | | |
||
| 16 | | | | | Type | Length | |Component| ... |Component|Component|Component|| | TLVs ... | | |
||
| 17 | | | | | | | | TLV 1 | | TLV n-2 | TLV n-1 | TLV n || | in | | |
||
| 18 | | | | | | | +---------+-- --+---------+---------+---------+| | Interest | | |
||
| 19 | | | | +------+--------+--------------------------------------------------+ +----------+ | |
||
| 20 | +-------------+----------+-----------------------------------------------------------------------------------+ |
||
| 21 | |||
| 22 | \ /\ / |
||
| 23 | ---------------- ------------------ --- --- |
||
| 24 | \/ \/ |
||
| 25 | Signed portion of Interest Signature |
||
| 26 | |||
| 27 | |||
| 28 | 5 | Yingdi Yu | More specifically, the SignedInterest is defined to have two additional components: |
| 29 | 1 | Yingdi Yu | |
| 30 | * ``<SignatureInfo>`` |
||
| 31 | * ``<SignatureValue>`` |
||
| 32 | |||
| 33 | 5 | Yingdi Yu | For example, for ``/signed/interest/name`` name, SignedInterest will be defined as: |
| 34 | 1 | Yingdi Yu | |
| 35 | 5 | Yingdi Yu | /signed/interest/name/<SignatureInfo>/<SignatureValue> |
| 36 | 1 | Yingdi Yu | |
| 37 | 5 | Yingdi Yu | \ / |
| 38 | -------------- -------------- |
||
| 39 | \/ |
||
| 40 | Additional components of Signed Interest |
||
| 41 | 1 | Yingdi Yu | |
| 42 | ## Signed Interest specific Name components |
||
| 43 | |||
| 44 | ### SignatureInfo component (n-1 *th*) |
||
| 45 | |||
| 46 | The value of the n-1 *th* component is actually a [SignatureInfo](http://named-data.net/doc/ndn-tlv/signature.html) TLV. |
||
| 47 | |||
| 48 | +---------+---------+-------------------+ |
||
| 49 | |Component|Component| +---------------+ | |
||
| 50 | | Type | Length | | SignatureInfo | | |
||
| 51 | | | | | TLV | | |
||
| 52 | | | | +---------------+ | |
||
| 53 | +---------+---------+-------------------+ |
||
| 54 | |||
| 55 | | | |
||
| 56 | |<---------The n-1 th Component-------->| |
||
| 57 | |||
| 58 | ### SignatureValue component (n *th*) |
||
| 59 | |||
| 60 | The value of the n *th* component is actually a [SignatureValue](http://named-data.net/doc/ndn-tlv/signature.html) TLV. |
||
| 61 | |||
| 62 | +---------+---------+--------------------+ |
||
| 63 | |Component|Component| +----------------+ | |
||
| 64 | | Type | Length | | SignatureValue | | |
||
| 65 | | | | | TLV | | |
||
| 66 | | | | +----------------+ | |
||
| 67 | +---------+---------+--------------------+ |
||
| 68 | |||
| 69 | | | |
||
| 70 | |<----------The n th Component---------->| |
||
| 71 | |||
| 72 | |||
| 73 | ## Signed Interest Processing |
||
| 74 | |||
| 75 | 5 | Yingdi Yu | Signed interest verification is simply signature verification. In other words, checking the wire encoding of the first n-1 name components against the value of the last name component (SignatureValue). |
| 76 | |||
| 77 | ## Use of Signed Interest |
||
| 78 | |||
| 79 | Signed interest can be extended to handle control command. In this case, more name components (such as nonce and timestamp) need to be encoded before the SignatureInfo component to prevent replay attack. |