NFD » NDN Specifications

# KITE

The **KITE protocol** allows building forwarding paths for prefixes using *authenticated* Interest-Data exchanges between a Mobile Producer (MP) and a trusted Rendezvous Server (RV).

An MP sends a **KITE request** (a signed Interest), which is forwarded to the RV because the RV announces a prefix of the name. The KITE request leaves traces in the stateful forwarding plane (PIT entries) of the traversed routers, constructing a reverse forwarding path for Data to be sent back to the MP. The RV will verify the information carried in the KITE request (primarily the signature, hence the phrase "authenticated Interest-Data exchange") and will respond to legitimate requests with a **KITE acknowledgment** (a Data packet). The KITE acknowledgment sent by the RV will trigger intermediate routers to save the reversed forwarding path for Data as Interest forwarding information, for a prefix specified by the name of the Interest-Data exchange.

## KITE Request

A **KITE request** is a [signed Interest](https://named-data.net/doc/NDN-packet-spec/0.3/signed-interest.html) that carries both a timestamp and a nonce to prevent replay attacks. A KITE request is signed and sent by an MP and verified by an RV.

An Interest packet that satisfies the following requirements is a KITE request:

* Conforms to the signed Interest specification.

* With the trailing `ParametersSha256DigestComponent` removed, the remaining (leading) part of the name conforms to KITE request name specification (see below).

* Optionally, the `ApplicationParameters` element contains the expiration period for the forwarding path. This must be a TLV element of type `ExpirationPeriod` (see [[nfd:ControlCommand]]).

KITE request name specification:

* Starts with an *RV prefix*, i.e., a prefix announced by an RV.

* Followed by a "`32=KITE`" keyword name component.

* Ends with a *producer suffix*, i.e., one or more arbitrary name components. The concatenation of an RV prefix and a producer suffix in the same KITE request name is the **producer prefix** specified in this name. The forwarding path to be set up is for the producer prefix.

For example, given RV prefix `/RV` and producer suffix `/Alice`, thus making the producer prefix `/RV/Alice`, the full name of the corresponding KITE request should be:

~~~

  /RV/32=KITE/Alice/<ParametersSha256DigestComponent>

~~~

## KITE Acknowledgment

A **KITE acknowledgment** is a Data packet sent by the RV for an Interest (a KITE request) that passes verification. A KITE request that passes the verification is supposed to be sent by the owner of the specified producer prefix for which the forwarding path is set up.

A Data packet that satisfies the following requirements is a KITE acknowledgement (note that a KITE acknowledgment is always generated in response to a KITE request):

* Has the same name as the KITE request.

* `ContentType` is 6 (KITE Acknowledgment).

* Carries a *prefix announcement* (PA) object as payload (see [[nfd:PrefixAnnouncement]]). The "announced prefix" indicated by the PA object must be the same as the producer prefix specified in the name (refer to KITE request specification for determining the producer prefix).