blob: dcf9c653d29fc1063cbfb950d0f02cc51c4948e3 [file] [log] [blame]
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -04001Signature
2=========
3
Davide Pesavento3c0bc312020-05-18 22:03:09 -04004.. _DataSignature:
Alexander Afanasyeveee8c252013-11-21 23:22:41 +00005
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -04006Data Signature
7--------------
Alexander Afanasyeveee8c252013-11-21 23:22:41 +00008
Davide Pesavento3c0bc312020-05-18 22:03:09 -04009The NDN Data packet signature is defined as two consecutive TLV elements: ``SignatureInfo`` and ``SignatureValue``.
Alexander Afanasyev7455e9b2014-06-25 09:41:08 -070010
Alexander Afanasyeve2800232013-11-27 02:24:14 +000011::
Alexander Afanasyeveee8c252013-11-21 23:22:41 +000012
Junxiao Shi78ce2952019-05-07 15:34:00 -040013 DataSignature = SignatureInfo SignatureValue
Alexander Afanasyeveee8c252013-11-21 23:22:41 +000014
Junxiao Shi78ce2952019-05-07 15:34:00 -040015 SignatureInfo = SIGNATURE-INFO-TYPE TLV-LENGTH
16 SignatureType
17 [KeyLocator]
Alexander Afanasyeveee8c252013-11-21 23:22:41 +000018
Junxiao Shi78ce2952019-05-07 15:34:00 -040019 SignatureValue = SIGNATURE-VALUE-TYPE TLV-LENGTH *OCTET
Zhiyi Zhang47e51372019-02-25 13:47:01 -080020
Davide Pesavento3c0bc312020-05-18 22:03:09 -040021The ``SignatureInfo`` element fully describes the digital signature algorithm utilized and any other relevant information to locate its parent certificate(s), such as :ref:`KeyLocator`.
22
23The ``SignatureValue`` element holds the actual bits of the signature. The exact encoding of the TLV-VALUE of this element depends on the specific signature type. See :ref:`SignatureTypes` for details.
24
25The cryptographic signature contained in ``SignatureValue`` covers all TLV elements inside ``Data``, starting from ``Name`` and up to, but not including, ``SignatureValue``.
26These TLV elements are hereby referred to as the "*signed portion*" of a Data packet.
27
28
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -040029.. _InterestSignature:
30
31Interest Signature
32------------------
33
Davide Pesavento3c0bc312020-05-18 22:03:09 -040034The NDN Interest packet signature is defined as two consecutive TLV elements: ``InterestSignatureInfo`` and ``InterestSignatureValue``.
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -040035
36::
37
Junxiao Shi78ce2952019-05-07 15:34:00 -040038 InterestSignature = InterestSignatureInfo InterestSignatureValue
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -040039
Junxiao Shi78ce2952019-05-07 15:34:00 -040040 InterestSignatureInfo = INTEREST-SIGNATURE-INFO-TYPE TLV-LENGTH
41 SignatureType
42 [KeyLocator]
43 [SignatureNonce]
44 [SignatureTime]
45 [SignatureSeqNum]
46
47 InterestSignatureValue = INTEREST-SIGNATURE-VALUE-TYPE TLV-LENGTH *OCTET
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -040048
Davide Pesavento3c0bc312020-05-18 22:03:09 -040049The ``InterestSignatureInfo`` element fully describes the digital signature algorithm utilized and any other relevant information to locate its parent certificate(s), such as :ref:`KeyLocator`.
50To ensure the uniqueness of a signed Interest and to mitigate potential replay attacks, the ``InterestSignatureInfo`` element SHOULD include at least one of the following elements (described below): ``SignatureNonce``, ``SignatureTime``, ``SignatureSeqNum``.
51
52The ``InterestSignatureValue`` element holds the actual bits of the signature. The exact encoding of the TLV-VALUE of this element depends on the specific signature type. See :ref:`SignatureTypes` for details.
53
54The cryptographic signature contained in ``InterestSignatureValue`` covers all the ``NameComponent`` elements in the Interest's ``Name`` up to, but not including, ``ParametersSha256DigestComponent``, and the complete TLV elements starting from ``ApplicationParameters`` up to, but not including, ``InterestSignatureValue``.
55These TLV elements are hereby referred to as the "*signed portion*" of an Interest packet.
56
57
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -040058Signature Elements
59------------------
Alexander Afanasyeveee8c252013-11-21 23:22:41 +000060
Alexander Afanasyeve2800232013-11-27 02:24:14 +000061SignatureType
Davide Pesavento3c0bc312020-05-18 22:03:09 -040062^^^^^^^^^^^^^
Alexander Afanasyeveee8c252013-11-21 23:22:41 +000063
Alexander Afanasyeve2800232013-11-27 02:24:14 +000064::
Alexander Afanasyeveee8c252013-11-21 23:22:41 +000065
Davide Pesaventof9353df2020-06-21 19:19:56 -040066 SignatureType = SIGNATURE-TYPE-TYPE TLV-LENGTH NonNegativeInteger
Jeff Thompsond4225d42014-06-09 12:32:21 -070067
Davide Pesavento3c0bc312020-05-18 22:03:09 -040068This specification defines the following values for ``SignatureType``:
Alexander Afanasyeveee8c252013-11-21 23:22:41 +000069
Jeff Thompsond4225d42014-06-09 12:32:21 -070070+---------+----------------------------------------+-------------------------------------------------+
71| Value | Reference | Description |
72+=========+========================================+=================================================+
Davide Pesavento3c0bc312020-05-18 22:03:09 -040073| 0 | :ref:`DigestSha256` | Integrity protection using a SHA-256 digest |
Jeff Thompsond4225d42014-06-09 12:32:21 -070074+---------+----------------------------------------+-------------------------------------------------+
75| 1 | :ref:`SignatureSha256WithRsa` | Integrity and provenance protection using |
Davide Pesavento3c0bc312020-05-18 22:03:09 -040076| | | an RSA signature over a SHA-256 digest |
Jeff Thompsond4225d42014-06-09 12:32:21 -070077+---------+----------------------------------------+-------------------------------------------------+
78| 3 | :ref:`SignatureSha256WithEcdsa` | Integrity and provenance protection using |
79| | | an ECDSA signature over a SHA-256 digest |
80+---------+----------------------------------------+-------------------------------------------------+
Jeff Thompson29840e82015-04-06 15:21:21 -070081| 4 | :ref:`SignatureHmacWithSha256` | Integrity and provenance protection using |
Davide Pesavento3c0bc312020-05-18 22:03:09 -040082| | | a SHA-256 hash-based message authentication code|
Jeff Thompson29840e82015-04-06 15:21:21 -070083+---------+----------------------------------------+-------------------------------------------------+
Davide Pesavento3c0bc312020-05-18 22:03:09 -040084| 2,5-200 | | Reserved for future assignments |
Jeff Thompsond4225d42014-06-09 12:32:21 -070085+---------+----------------------------------------+-------------------------------------------------+
Davide Pesavento3c0bc312020-05-18 22:03:09 -040086| >200 | | Unassigned |
Jeff Thompsond4225d42014-06-09 12:32:21 -070087+---------+----------------------------------------+-------------------------------------------------+
Alexander Afanasyeveee8c252013-11-21 23:22:41 +000088
Alexander Afanasyev4b896112014-06-23 21:47:15 -070089.. _KeyLocator:
90
91KeyLocator
Davide Pesavento3c0bc312020-05-18 22:03:09 -040092^^^^^^^^^^
Alexander Afanasyev4b896112014-06-23 21:47:15 -070093
Davide Pesavento3c0bc312020-05-18 22:03:09 -040094A ``KeyLocator`` specifies either a ``Name`` that points to another Data packet containing a certificate or public key, or a ``KeyDigest`` that identifies the public key within a specific trust model (definition of the trust model is outside the scope of this specification).
95Note that although ``KeyLocator`` is defined as an optional field in ``SignatureInfo`` and ``InterestSignatureInfo``, specific signature types may require its presence or absence.
Alexander Afanasyev4b896112014-06-23 21:47:15 -070096
97::
98
Junxiao Shi78ce2952019-05-07 15:34:00 -040099 KeyLocator = KEY-LOCATOR-TYPE TLV-LENGTH (Name / KeyDigest)
Alexander Afanasyev4b896112014-06-23 21:47:15 -0700100
Junxiao Shi78ce2952019-05-07 15:34:00 -0400101 KeyDigest = KEY-DIGEST-TYPE TLV-LENGTH *OCTET
Alexander Afanasyev4b896112014-06-23 21:47:15 -0700102
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400103See :ref:`Name specification <Name>` for the definition of ``Name``.
Alexander Afanasyev4b896112014-06-23 21:47:15 -0700104
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400105The specific definition of the proper usage of the ``Name`` and ``KeyDigest`` options in the ``KeyLocator`` field is outside the scope of this specification.
106Generally, ``Name`` names the Data packet containing the corresponding certificate.
107However, it is up to the specific trust model to define whether this name is the full name of the Data packet or a prefix that can match multiple Data packets.
108For example, the hierarchical trust model :cite:`testbed-key-management` uses the latter approach, requiring clients to fetch the latest version of the Data packet pointed to by ``KeyLocator`` (the latest version of the public key certificate) in order to ensure that the public key was not yet revoked.
Alexander Afanasyev4b896112014-06-23 21:47:15 -0700109
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800110.. _SignatureInfoNonce:
111
112SignatureNonce
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400113^^^^^^^^^^^^^^
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800114
115::
116
Eric Newberry437dc8c2020-05-29 09:48:18 -0700117 SignatureNonce = SIGNATURE-NONCE-TYPE TLV-LENGTH 1*OCTET
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800118
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800119The ``SignatureNonce`` element adds additional assurances that a signature will be unique.
Eric Newberry437dc8c2020-05-29 09:48:18 -0700120The recommended minimum length for a ``SignatureNonce`` element is 8 octets.
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800121
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -0400122.. _SignatureTime:
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800123
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -0400124SignatureTime
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400125^^^^^^^^^^^^^
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800126
127::
128
Davide Pesaventof9353df2020-06-21 19:19:56 -0400129 SignatureTime = SIGNATURE-TIME-TYPE TLV-LENGTH NonNegativeInteger
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800130
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400131The value of the ``SignatureTime`` element is the timestamp of the signature, represented as the number of milliseconds since 1970-01-01T00:00:00Z (Unix epoch).
132This element can be used to indicate that the packet was signed at a particular point in time.
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -0400133
134.. _SignatureSeqNum:
135
136SignatureSeqNum
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400137^^^^^^^^^^^^^^^
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -0400138
139::
140
Davide Pesaventof9353df2020-06-21 19:19:56 -0400141 SignatureSeqNum = SIGNATURE-SEQ-NUM-TYPE TLV-LENGTH NonNegativeInteger
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -0400142
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -0400143The ``SignatureSeqNum`` element adds additional assurances that a signature will be unique.
144The ``SignatureSeqNum`` may be used to protect against replay attacks.
145
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800146
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400147.. _SignatureTypes:
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800148
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400149Different Types of Signatures
150-----------------------------
151
152Each signature type has different requirements on the format of its ``SignatureInfo`` and ``InterestSignatureInfo`` elements.
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -0400153In the following sections, these requirements are specified along 2 dimensions:
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800154
155* The TLV-VALUE of ``SignatureType``
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400156* Whether ``KeyLocator`` is required/forbidden
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800157
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000158.. _DigestSha256:
Alexander Afanasyeveee8c252013-11-21 23:22:41 +0000159
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000160DigestSha256
161^^^^^^^^^^^^
Alexander Afanasyeveee8c252013-11-21 23:22:41 +0000162
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400163``DigestSha256`` provides no information about the provenance of a packet or any guarantee that the packet is from the original source.
164This signature type is intended only for debug purposes and in the limited circumstances when it is necessary to protect only against unexpected modification during transmission.
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000165
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400166``DigestSha256`` is defined as the SHA-256 hash of the "signed portion" of an Interest or Data packet:
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000167
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800168* The TLV-VALUE of ``SignatureType`` is 0
169* ``KeyLocator`` is forbidden; if present, it must be ignored
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000170
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800171::
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000172
Junxiao Shi78ce2952019-05-07 15:34:00 -0400173 SignatureValue = SIGNATURE-VALUE-TYPE
174 TLV-LENGTH ; == 32
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400175 32OCTET ; == SHA-256{Data signed portion}
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000176
Junxiao Shi78ce2952019-05-07 15:34:00 -0400177 InterestSignatureValue = INTEREST-SIGNATURE-VALUE-TYPE
178 TLV-LENGTH ; == 32
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400179 32OCTET ; == SHA-256{Interest signed portion}
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -0400180
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000181.. _SignatureSha256WithRsa:
182
183SignatureSha256WithRsa
184^^^^^^^^^^^^^^^^^^^^^^
185
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400186``SignatureSha256WithRsa`` defines an RSA public key signature that is calculated over the SHA-256 hash of the "signed portion" of an Interest or Data packet.
187It uses the RSASSA-PKCS1-v1_5 signature scheme, as defined in `RFC 8017, Section 8.2 <https://tools.ietf.org/html/rfc8017#section-8.2>`__.
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000188
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800189* The TLV-VALUE of ``SignatureType`` is 1
190* ``KeyLocator`` is required
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000191
192::
193
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400194 SignatureValue = SIGNATURE-VALUE-TYPE
195 TLV-LENGTH
196 1*OCTET ; == RSA over SHA-256{Data signed portion}
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000197
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400198 InterestSignatureValue = INTEREST-SIGNATURE-VALUE-TYPE
199 TLV-LENGTH
200 1*OCTET ; == RSA over SHA-256{Interest signed portion}
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -0400201
Alexander Afanasyev16962fc2014-02-12 19:53:47 +0000202.. note::
203
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400204 The TLV-LENGTH of these elements varies depending on the length of the private key used for signing (e.g., 256 bytes for a 2048-bit key).
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000205
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400206This type of signature, if verified, provides very strong assurances that a packet was created by the claimed producer (authentication/provenance) and was not tampered with while in transit (integrity).
207The ``KeyDigest`` option in :ref:`KeyLocator` is defined as the SHA-256 digest over the DER encoding of the ``SubjectPublicKeyInfo`` for an RSA key as defined by `RFC 3279 <https://tools.ietf.org/html/rfc3279>`__."
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000208
209.. note::
210
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400211 It is the application's responsibility to define rules (a trust model) concerning when a specific issuer (``KeyLocator``) is authorized to sign a specific packet.
212 While trust models are outside the scope of this specification, generally, trust models need to specify authorization rules between key names and Data packet names, as well as clearly define trust anchor(s).
213 For example, an application can elect to use a hierarchical trust model :cite:`testbed-key-management` to ensure Data integrity and provenance.
Alexander Afanasyeve2800232013-11-27 02:24:14 +0000214
Jeff Thompsond4225d42014-06-09 12:32:21 -0700215.. _SignatureSha256WithEcdsa:
216
217SignatureSha256WithEcdsa
218^^^^^^^^^^^^^^^^^^^^^^^^
219
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400220``SignatureSha256WithEcdsa`` defines an ECDSA public key signature that is calculated over the SHA-256 hash of the "signed portion" of an Interest or Data packet.
221This signature algorithm is defined in `RFC 5753, Section 2.1 <http://tools.ietf.org/html/rfc5753#section-2.1>`__.
222All NDN implementations MUST support this signature type with the NIST P-256 curve.
Jeff Thompsond4225d42014-06-09 12:32:21 -0700223
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800224* The TLV-VALUE of ``SignatureType`` is 3
225* ``KeyLocator`` is required
Jeff Thompsond4225d42014-06-09 12:32:21 -0700226
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800227::
Jeff Thompsond4225d42014-06-09 12:32:21 -0700228
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400229 SignatureValue = SIGNATURE-VALUE-TYPE
230 TLV-LENGTH
231 1*OCTET ; == ECDSA over SHA-256{Data signed portion}
Jeff Thompsond4225d42014-06-09 12:32:21 -0700232
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400233 InterestSignatureValue = INTEREST-SIGNATURE-VALUE-TYPE
234 TLV-LENGTH
235 1*OCTET ; == ECDSA over SHA-256{Interest signed portion}
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -0400236
Jeff Thompsond4225d42014-06-09 12:32:21 -0700237.. note::
238
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400239 The TLV-LENGTH of these elements depends on the specific elliptic curve used for signing (e.g., up to 72 bytes for the NIST P-256 curve).
Jeff Thompsond4225d42014-06-09 12:32:21 -0700240
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400241This type of signature, if verified, provides very strong assurances that a packet was created by the claimed producer (authentication/provenance) and was not tampered with while in transit (integrity).
242The ``KeyDigest`` option in :ref:`KeyLocator` is defined as the SHA-256 digest of the DER encoding of the ``SubjectPublicKeyInfo`` for an EC key as defined by `RFC 5480 <https://tools.ietf.org/html/rfc5480>`__.
Jeff Thompsond4225d42014-06-09 12:32:21 -0700243
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400244The value of ``SignatureValue`` of ``SignatureSha256WithEcdsa`` is a DER-encoded ``Ecdsa-Sig-Value`` structure as defined in `RFC 3279, Section 2.2.3 <http://tools.ietf.org/html/rfc3279#section-2.2.3>`__.
Jeff Thompsond4225d42014-06-09 12:32:21 -0700245
Jeff Thompson29840e82015-04-06 15:21:21 -0700246.. _SignatureHmacWithSha256:
247
248SignatureHmacWithSha256
249^^^^^^^^^^^^^^^^^^^^^^^
250
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400251``SignatureHmacWithSha256`` defines a hash-based message authentication code (HMAC) that is calculated over the "signed portion" of an Interest or Data packet, using SHA-256 as the hash function, salted with a shared secret key.
252This signature algorithm is defined in `RFC 2104, Section 2 <http://tools.ietf.org/html/rfc2104#section-2>`__.
Jeff Thompson29840e82015-04-06 15:21:21 -0700253
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800254* The TLV-VALUE of ``SignatureType`` is 4
255* ``KeyLocator`` is required
Jeff Thompson29840e82015-04-06 15:21:21 -0700256
Zhiyi Zhang47e51372019-02-25 13:47:01 -0800257::
Jeff Thompson29840e82015-04-06 15:21:21 -0700258
Junxiao Shi78ce2952019-05-07 15:34:00 -0400259 SignatureValue = SIGNATURE-VALUE-TYPE
260 TLV-LENGTH ; == 32
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400261 32OCTET ; == HMAC-SHA-256{Data signed portion}
Jeff Thompson29840e82015-04-06 15:21:21 -0700262
Junxiao Shi78ce2952019-05-07 15:34:00 -0400263 InterestSignatureValue = INTEREST-SIGNATURE-VALUE-TYPE
264 TLV-LENGTH ; == 32
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400265 32OCTET ; == HMAC-SHA-256{Interest signed portion}
Zhiyi Zhang0c04fd82018-09-04 16:29:47 -0400266
Jeff Thompson29840e82015-04-06 15:21:21 -0700267.. note::
268
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400269 The shared secret key is not included in the signature and must not be included anywhere in the packet, as this would invalidate the security properties of HMAC.
Jeff Thompson29840e82015-04-06 15:21:21 -0700270
271.. note::
272
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400273 As stated in `RFC 2104, Section 3 <http://tools.ietf.org/html/rfc2104#section-3>`__, shared keys shorter than the SHA-256 output byte length (32 bytes) are strongly discouraged.
Jeff Thompson29840e82015-04-06 15:21:21 -0700274
Davide Pesavento3c0bc312020-05-18 22:03:09 -0400275Provided that the signature verifies, this type of signature ensures the authenticity of the packet, namely, that it was signed by a party possessing the shared key, and that it was not altered in transit (integrity).
276The shared key used to generate the HMAC signature can be identified by the :ref:`KeyLocator` element, e.g., by using the ``Name`` according to the application's naming conventions.
277It is the application's responsibility to associate the shared key with the identities of the parties who hold the shared key.
Jeff Thompson29840e82015-04-06 15:21:21 -0700278
Junxiao Shi78ce2952019-05-07 15:34:00 -0400279.. bibliography:: ndnspec-refs.bib