Signature
=========

.. _DataSignature:

Data Signature
--------------

The NDN Data packet signature is defined as two consecutive TLV elements: ``SignatureInfo`` and ``SignatureValue``.

::

    DataSignature = SignatureInfo SignatureValue

    SignatureInfo = SIGNATURE-INFO-TYPE TLV-LENGTH
                      SignatureType
                      [KeyLocator]

    SignatureValue = SIGNATURE-VALUE-TYPE TLV-LENGTH *OCTET

The ``SignatureInfo`` element fully describes the digital signature algorithm utilized and any other relevant information to locate its parent certificate(s), such as :ref:`KeyLocator`.

The ``SignatureValue`` element holds the actual bits of the signature. The exact encoding of the TLV-VALUE of this element depends on the specific signature type. See :ref:`SignatureTypes` for details.

The cryptographic signature contained in ``SignatureValue`` covers all TLV elements inside ``Data``, starting from ``Name`` and up to, but not including, ``SignatureValue``.
These TLV elements are hereby referred to as the "*signed portion*" of a Data packet.


.. _InterestSignature:

Interest Signature
------------------

The NDN Interest packet signature is defined as two consecutive TLV elements: ``InterestSignatureInfo`` and ``InterestSignatureValue``.

::

    InterestSignature = InterestSignatureInfo InterestSignatureValue

    InterestSignatureInfo = INTEREST-SIGNATURE-INFO-TYPE TLV-LENGTH
                              SignatureType
                              [KeyLocator]
                              [SignatureNonce]
                              [SignatureTime]
                              [SignatureSeqNum]

    InterestSignatureValue = INTEREST-SIGNATURE-VALUE-TYPE TLV-LENGTH *OCTET

The ``InterestSignatureInfo`` element fully describes the digital signature algorithm utilized and any other relevant information to locate its parent certificate(s), such as :ref:`KeyLocator`.
To ensure the uniqueness of a signed Interest and to mitigate potential replay attacks, the ``InterestSignatureInfo`` element SHOULD include at least one of the following elements (described below): ``SignatureNonce``, ``SignatureTime``, ``SignatureSeqNum``.

The ``InterestSignatureValue`` element holds the actual bits of the signature. The exact encoding of the TLV-VALUE of this element depends on the specific signature type. See :ref:`SignatureTypes` for details.

The cryptographic signature contained in ``InterestSignatureValue`` covers all the ``NameComponent`` elements in the Interest's ``Name`` up to, but not including, ``ParametersSha256DigestComponent``, and the complete TLV elements starting from ``ApplicationParameters`` up to, but not including, ``InterestSignatureValue``.
These TLV elements are hereby referred to as the "*signed portion*" of an Interest packet.


Signature Elements
------------------

SignatureType
^^^^^^^^^^^^^

::

    SignatureType = SIGNATURE-TYPE-TYPE TLV-LENGTH nonNegativeInteger

This specification defines the following values for ``SignatureType``:

+---------+----------------------------------------+-------------------------------------------------+
| Value   | Reference                              | Description                                     |
+=========+========================================+=================================================+
| 0       | :ref:`DigestSha256`                    | Integrity protection using a SHA-256 digest     |
+---------+----------------------------------------+-------------------------------------------------+
| 1       | :ref:`SignatureSha256WithRsa`          | Integrity and provenance protection using       |
|         |                                        | an RSA signature over a SHA-256 digest          |
+---------+----------------------------------------+-------------------------------------------------+
| 3       | :ref:`SignatureSha256WithEcdsa`        | Integrity and provenance protection using       |
|         |                                        | an ECDSA signature over a SHA-256 digest        |
+---------+----------------------------------------+-------------------------------------------------+
| 4       | :ref:`SignatureHmacWithSha256`         | Integrity and provenance protection using       |
|         |                                        | a SHA-256 hash-based message authentication code|
+---------+----------------------------------------+-------------------------------------------------+
| 2,5-200 |                                        | Reserved for future assignments                 |
+---------+----------------------------------------+-------------------------------------------------+
| >200    |                                        | Unassigned                                      |
+---------+----------------------------------------+-------------------------------------------------+

.. _KeyLocator:

KeyLocator
^^^^^^^^^^

A ``KeyLocator`` specifies either a ``Name`` that points to another Data packet containing a certificate or public key, or a ``KeyDigest`` that identifies the public key within a specific trust model (definition of the trust model is outside the scope of this specification).
Note that although ``KeyLocator`` is defined as an optional field in ``SignatureInfo`` and ``InterestSignatureInfo``, specific signature types may require its presence or absence.

::

    KeyLocator = KEY-LOCATOR-TYPE TLV-LENGTH (Name / KeyDigest)

    KeyDigest = KEY-DIGEST-TYPE TLV-LENGTH *OCTET

See :ref:`Name specification <Name>` for the definition of ``Name``.

The specific definition of the proper usage of the ``Name`` and ``KeyDigest`` options in the ``KeyLocator`` field is outside the scope of this specification.
Generally, ``Name`` names the Data packet containing the corresponding certificate.
However, it is up to the specific trust model to define whether this name is the full name of the Data packet or a prefix that can match multiple Data packets.
For example, the hierarchical trust model :cite:`testbed-key-management` uses the latter approach, requiring clients to fetch the latest version of the Data packet pointed to by ``KeyLocator`` (the latest version of the public key certificate) in order to ensure that the public key was not yet revoked.

.. _SignatureInfoNonce:

SignatureNonce
^^^^^^^^^^^^^^

::

    SignatureNonce = SIGNATURE-NONCE-TYPE
                     TLV-LENGTH ; == 4
                     4OCTET

The ``SignatureNonce`` element adds additional assurances that a signature will be unique.

.. _SignatureTime:

SignatureTime
^^^^^^^^^^^^^

::

    SignatureTime = SIGNATURE-TIME-TYPE TLV-LENGTH nonNegativeInteger

The value of the ``SignatureTime`` element is the timestamp of the signature, represented as the number of milliseconds since 1970-01-01T00:00:00Z (Unix epoch).
This element can be used to indicate that the packet was signed at a particular point in time.

.. _SignatureSeqNum:

SignatureSeqNum
^^^^^^^^^^^^^^^

::

    SignatureSeqNum = SIGNATURE-SEQ-NUM-TYPE TLV-LENGTH nonNegativeInteger

The ``SignatureSeqNum`` element adds additional assurances that a signature will be unique.
The ``SignatureSeqNum`` may be used to protect against replay attacks.

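One way a verifier might enforce the three uniqueness elements described above, as an added example that is not part of the NDN specification or of any NDN library. It works on already-decoded field values; the ``SigInfo``, ``KeyState`` and ``ReplayGuard`` names, the 60-second ``SignatureTime`` window, the 5-minute nonce cache and the sample key name are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class SigInfo:
    """Anti-replay fields decoded from one InterestSignatureInfo (None = absent)."""
    key_name: str                   # KeyLocator Name, used to select per-key state
    nonce: Optional[bytes] = None   # SignatureNonce (4 octets)
    time_ms: Optional[int] = None   # SignatureTime (milliseconds since Unix epoch)
    seq_num: Optional[int] = None   # SignatureSeqNum

@dataclass
class KeyState:
    last_time_ms: int = -1
    last_seq: int = -1
    nonces: dict = field(default_factory=dict)  # nonce -> arrival time (ms)

class ReplayGuard:
    """Per-key replay filter; both window sizes are assumptions of this example."""

    def __init__(self, skew_ms=60_000, nonce_ttl_ms=300_000):
        self.skew_ms = skew_ms
        self.nonce_ttl_ms = nonce_ttl_ms
        self.keys = {}

    def check(self, info, now_ms):
        """Return (accepted, reason); call only after the signature has verified."""
        if info.nonce is None and info.time_ms is None and info.seq_num is None:
            return False, "no uniqueness element"
        state = self.keys.setdefault(info.key_name, KeyState())
        if info.nonce is not None:
            if len(info.nonce) != 4:
                return False, "SignatureNonce is not 4 octets"
            cutoff = now_ms - self.nonce_ttl_ms
            state.nonces = {n: t for n, t in state.nonces.items() if t >= cutoff}
            if info.nonce in state.nonces:
                return False, "SignatureNonce already seen"
        if info.time_ms is not None:
            if abs(now_ms - info.time_ms) > self.skew_ms:
                return False, "SignatureTime outside accepted window"
            if info.time_ms <= state.last_time_ms:
                return False, "SignatureTime not increasing"
        if info.seq_num is not None and info.seq_num <= state.last_seq:
            return False, "SignatureSeqNum not increasing"
        # Commit state only once every check has passed.
        if info.nonce is not None:
            state.nonces[info.nonce] = now_ms
        if info.time_ms is not None:
            state.last_time_ms = info.time_ms
        if info.seq_num is not None:
            state.last_seq = info.seq_num
        return True, "ok"

def demo():
    """Run constructed sample Interests for one key through the guard."""
    guard, now = ReplayGuard(), 1_700_000_000_000
    first = SigInfo("/alice/KEY/1", b"\x01\x02\x03\x04", now, 7)
    fresh = SigInfo("/alice/KEY/1", b"\x05\x06\x07\x08", now + 5, 8)
    return [guard.check(i, now + 10)[1] for i in (first, first, fresh, SigInfo("/alice/KEY/1"))]
```

A ``SignatureNonce`` on its own only blocks replays for as long as the nonce stays cached, so pairing it with ``SignatureTime`` or ``SignatureSeqNum`` bounds the replay window.
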
.. _SignatureTypes:

Different Types of Signatures
-----------------------------

Each signature type has different requirements on the format of its ``SignatureInfo`` and ``InterestSignatureInfo`` elements.
In the following sections, these requirements are specified along 2 dimensions:

* The TLV-VALUE of ``SignatureType``
* Whether ``KeyLocator`` is required/forbidden

.. _DigestSha256:

DigestSha256
^^^^^^^^^^^^

``DigestSha256`` provides no information about the provenance of a packet or any guarantee that the packet is from the original source.
This signature type is intended only for debug purposes and in the limited circumstances when it is necessary to protect only against unexpected modification during transmission.

``DigestSha256`` is defined as the SHA-256 hash of the "signed portion" of an Interest or Data packet:

* The TLV-VALUE of ``SignatureType`` is 0
* ``KeyLocator`` is forbidden; if present, it must be ignored

::

    SignatureValue = SIGNATURE-VALUE-TYPE
                     TLV-LENGTH ; == 32
                     32OCTET ; == SHA-256{Data signed portion}

    InterestSignatureValue = INTEREST-SIGNATURE-VALUE-TYPE
                             TLV-LENGTH ; == 32
                             32OCTET ; == SHA-256{Interest signed portion}

.. _SignatureSha256WithRsa:

SignatureSha256WithRsa
^^^^^^^^^^^^^^^^^^^^^^

``SignatureSha256WithRsa`` defines an RSA public key signature that is calculated over the SHA-256 hash of the "signed portion" of an Interest or Data packet.
It uses the RSASSA-PKCS1-v1_5 signature scheme, as defined in `RFC 8017, Section 8.2 <https://tools.ietf.org/html/rfc8017#section-8.2>`__.

* The TLV-VALUE of ``SignatureType`` is 1
* ``KeyLocator`` is required

::

    SignatureValue = SIGNATURE-VALUE-TYPE
                     TLV-LENGTH
                     1*OCTET ; == RSA over SHA-256{Data signed portion}

    InterestSignatureValue = INTEREST-SIGNATURE-VALUE-TYPE
                             TLV-LENGTH
                             1*OCTET ; == RSA over SHA-256{Interest signed portion}

.. note::

    The TLV-LENGTH of these elements varies depending on the length of the private key used for signing (e.g., 256 bytes for a 2048-bit key).

This type of signature, if verified, provides very strong assurances that a packet was created by the claimed producer (authentication/provenance) and was not tampered with while in transit (integrity).
The ``KeyDigest`` option in :ref:`KeyLocator` is defined as the SHA-256 digest over the DER encoding of the ``SubjectPublicKeyInfo`` for an RSA key as defined by `RFC 3279 <https://tools.ietf.org/html/rfc3279>`__.

.. note::

    It is the application's responsibility to define rules (a trust model) concerning when a specific issuer (``KeyLocator``) is authorized to sign a specific packet.
    While trust models are outside the scope of this specification, generally, trust models need to specify authorization rules between key names and Data packet names, as well as clearly define trust anchor(s).
    For example, an application can elect to use a hierarchical trust model :cite:`testbed-key-management` to ensure Data integrity and provenance.

.. _SignatureSha256WithEcdsa:

SignatureSha256WithEcdsa
^^^^^^^^^^^^^^^^^^^^^^^^

``SignatureSha256WithEcdsa`` defines an ECDSA public key signature that is calculated over the SHA-256 hash of the "signed portion" of an Interest or Data packet.
This signature algorithm is defined in `RFC 5753, Section 2.1 <http://tools.ietf.org/html/rfc5753#section-2.1>`__.
All NDN implementations MUST support this signature type with the NIST P-256 curve.

* The TLV-VALUE of ``SignatureType`` is 3
* ``KeyLocator`` is required

::

    SignatureValue = SIGNATURE-VALUE-TYPE
                     TLV-LENGTH
                     1*OCTET ; == ECDSA over SHA-256{Data signed portion}

    InterestSignatureValue = INTEREST-SIGNATURE-VALUE-TYPE
                             TLV-LENGTH
                             1*OCTET ; == ECDSA over SHA-256{Interest signed portion}

.. note::

    The TLV-LENGTH of these elements depends on the specific elliptic curve used for signing (e.g., up to 72 bytes for the NIST P-256 curve).

This type of signature, if verified, provides very strong assurances that a packet was created by the claimed producer (authentication/provenance) and was not tampered with while in transit (integrity).
The ``KeyDigest`` option in :ref:`KeyLocator` is defined as the SHA-256 digest of the DER encoding of the ``SubjectPublicKeyInfo`` for an EC key as defined by `RFC 5480 <https://tools.ietf.org/html/rfc5480>`__.

The value of ``SignatureValue`` of ``SignatureSha256WithEcdsa`` is a DER-encoded ``Ecdsa-Sig-Value`` structure as defined in `RFC 3279, Section 2.2.3 <http://tools.ietf.org/html/rfc3279#section-2.2.3>`__.

.. _SignatureHmacWithSha256:

SignatureHmacWithSha256
^^^^^^^^^^^^^^^^^^^^^^^

``SignatureHmacWithSha256`` defines a hash-based message authentication code (HMAC) that is calculated over the "signed portion" of an Interest or Data packet, using SHA-256 as the hash function, keyed with a shared secret key.
This signature algorithm is defined in `RFC 2104, Section 2 <http://tools.ietf.org/html/rfc2104#section-2>`__.

* The TLV-VALUE of ``SignatureType`` is 4
* ``KeyLocator`` is required

::

    SignatureValue = SIGNATURE-VALUE-TYPE
                     TLV-LENGTH ; == 32
                     32OCTET ; == HMAC-SHA-256{Data signed portion}

    InterestSignatureValue = INTEREST-SIGNATURE-VALUE-TYPE
                             TLV-LENGTH ; == 32
                             32OCTET ; == HMAC-SHA-256{Interest signed portion}

.. note::

    The shared secret key is not included in the signature and must not be included anywhere in the packet, as this would invalidate the security properties of HMAC.

.. note::

    As stated in `RFC 2104, Section 3 <http://tools.ietf.org/html/rfc2104#section-3>`__, shared keys shorter than the SHA-256 output byte length (32 bytes) are strongly discouraged.

Provided that the signature verifies, this type of signature ensures the authenticity of the packet, namely, that it was signed by a party possessing the shared key, and that it was not altered in transit (integrity).
The shared key used to generate the HMAC signature can be identified by the :ref:`KeyLocator` element, e.g., by using the ``Name`` according to the application's naming conventions.
It is the application's responsibility to associate the shared key with the identities of the parties who hold the shared key.

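The following added example (not part of the specification or of any NDN library) extracts the signed portion of a Data packet as defined under Data Signature and checks a ``DigestSha256`` or ``SignatureHmacWithSha256`` value over it, including the ``KeyLocator`` rules of both types. The TLV-TYPE numbers are assumptions taken from the NDN type assignment registry rather than this page, and the function names and the sample packet are constructed for illustration.

```python
import hashlib
import hmac

# TLV-TYPE numbers are assumptions taken from the NDN type registry, not from this page.
DATA, NAME, COMPONENT, CONTENT = 0x06, 0x07, 0x08, 0x15
SIG_INFO, SIG_VALUE, SIG_TYPE, KEY_LOCATOR = 0x16, 0x17, 0x1B, 0x1C
DIGEST_SHA256, HMAC_SHA256 = 0, 4  # SignatureType values from the table on this page

def read_var(buf, pos):
    """Decode one variable-size TLV number, returning (value, next position)."""
    head = bytes(buf[pos:pos + 1])
    size = {b"\xfd": 2, b"\xfe": 4, b"\xff": 8}.get(head, 0)
    raw = bytes(buf[pos + 1:pos + 1 + size]) if size else head
    if len(raw) != max(size, 1):
        raise ValueError("truncated TLV")
    return int.from_bytes(raw, "big"), pos + 1 + size

def elements(buf):
    """Split buf into a list of (type, value, start offset), one per TLV."""
    out, pos = [], 0
    while pos < len(buf):
        start = pos
        typ, pos = read_var(buf, pos)
        length, pos = read_var(buf, pos)
        if pos + length > len(buf):
            raise ValueError("TLV-LENGTH runs past the end of the buffer")
        out.append((typ, buf[pos:pos + length], start))
        pos += length
    return out

def verify_data(packet, hmac_key=None):
    """Return True if a DigestSha256 or HMAC-signed Data packet verifies."""
    outer = elements(packet)
    if len(outer) != 1 or outer[0][0] != DATA:
        raise ValueError("expected exactly one Data element")
    body = outer[0][1]
    inner = elements(body)
    if [t for t, _, _ in inner[-2:]] != [SIG_INFO, SIG_VALUE] or inner[0][0] != NAME:
        raise ValueError("Data must start with Name and end with SignatureInfo SignatureValue")
    signed = body[:inner[-1][2]]  # Name up to, but not including, SignatureValue
    info = elements(inner[-2][1])
    if not info or info[0][0] != SIG_TYPE:
        raise ValueError("SignatureInfo must begin with SignatureType")
    sig_type = int.from_bytes(info[0][1], "big")
    if sig_type == DIGEST_SHA256:
        expected = hashlib.sha256(signed).digest()  # a KeyLocator, if present, is ignored
    elif sig_type == HMAC_SHA256:
        if hmac_key is None or KEY_LOCATOR not in [t for t, _, _ in info]:
            raise ValueError("HMAC needs a KeyLocator and a locally held shared key")
        expected = hmac.new(hmac_key, signed, hashlib.sha256).digest()
    else:
        raise ValueError(f"SignatureType {sig_type} is not handled in this example")
    return len(inner[-1][1]) == 32 and hmac.compare_digest(inner[-1][1], expected)

def tlv(typ, value):  # encoder for the constructed sample only (lengths below 253)
    return bytes([typ, len(value)]) + value

def build_sample(sig_type, key=b"", locator=False):
    """Build a constructed Data packet named /demo carrying b'hello'."""
    loc = tlv(KEY_LOCATOR, tlv(NAME, tlv(COMPONENT, b"k1"))) if locator else b""
    info = tlv(SIG_INFO, tlv(SIG_TYPE, bytes([sig_type])) + loc)
    signed = tlv(NAME, tlv(COMPONENT, b"demo")) + tlv(CONTENT, b"hello") + info
    mac = hmac.new(key, signed, hashlib.sha256) if sig_type == HMAC_SHA256 else hashlib.sha256(signed)
    return tlv(DATA, signed + tlv(SIG_VALUE, mac.digest()))
```

The shared key is passed to ``verify_data`` from local storage and never read from the packet; the ``KeyLocator`` only tells the application which key to look up.
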
.. bibliography:: ndnspec-refs.bib