Zhiyi Zhang | 0c04fd8 | 2018-09-04 16:29:47 -0400 | [diff] [blame^] | 1 | .. _Signed Interest: |
| 2 | |
| 3 | Signed Interest |
| 4 | =============== |
| 5 | |
| 6 | **Signed Interest** is a mechanism to issue an authenticated Interest. |
| 7 | |
| 8 | :: |
| 9 | |
| 10 | SignedInterest ::= INTEREST-TYPE TLV-LENGTH |
| 11 | Name (must end with ParametersSha256DigestComponent) |
| 12 | CanBePrefix? |
| 13 | MustBeFresh? |
| 14 | ForwardingHint? |
| 15 | Nonce? |
| 16 | InterestLifetime? |
| 17 | HopLimit? |
| 18 | ApplicationParameters |
| 19 | InterestSignatureInfo |
| 20 | InterestSignatureValue |
| 21 | |
| 22 | |
| 23 | See :ref:`Interest Signature section <InterestSignature>` for details of ``InterestSignatureInfo`` and ``InterestSignatureValue``. |
| 24 | |
| 25 | Construction of Signed Interest |
| 26 | ------------------------------- |
| 27 | |
| 28 | The following procedure describes the signing of an Interest: |
| 29 | |
| 30 | 1. Remove all ``ParametersSha256DigestComponent`` components from ``Name`` if present, regardless of the location. |
| 31 | |
| 32 | 2. If ``ApplicationParameters`` element is absent, append a zero-length ``ApplicationParameters`` element to the Interest. |
| 33 | |
| 34 | 3. Prepare an ``InterestSignatureInfo`` element and append it at the end of the Interest. |
| 35 | |
| 36 | 4. Compute the cryptographic signature according to :ref:`Interest Signature section <InterestSignature>`. |
| 37 | |
| 38 | 5. Insert the computed signature as an ``InterestSignatureValue`` element at the end of the Interest. |
| 39 | |
| 40 | 6. Compute the ``ParametersSha256DigestComponent`` according to :ref:`Interest Parameters Digest Component <Interest Parameters Digest Component>` section and append it at the end of ``Name``. |
| 41 | |
| 42 | Signed Interest processing |
| 43 | -------------------------- |
| 44 | |
| 45 | Upon receiving an Interest, the producer, according to the Interest name prefix, should be able to tell whether the Interest is required to be signed. |
| 46 | If the received Interest is required to be signed, the application protocol or the producer should also explicitly define whether ``SignatureNonce``/``SignatureTime``/``SignatureSeqNum`` must be present in the ``InterestSignatureInfo`` or not. |
| 47 | If any of the required elements is missing, treat the Interest as invalid. |
| 48 | Additionally, a signed Interest must be treated as invalid if any of the following conditions is true: |
| 49 | |
| 50 | 1. The last name component is not ``ParametersSha256DigestComponent``, or its TLV-VALUE is incorrect according to :ref:`Interest Parameters Digest Component <Interest Parameters Digest Component>` section. |
| 51 | |
| 52 | 2. The ``InterestSignatureInfo`` element is missing or any mandatory sub-element is missing from the ``InterestSignatureInfo`` element. |
| 53 | |
| 54 | 3. The ``InterestSignatureValue`` element is missing. |
| 55 | |
| 56 | 4. The signature cannot be cryptographically verified. |
| 57 | |
| 58 | 5. The key used to create the signature is not trusted for signing the Interest. |
| 59 | |
| 60 | 6. If ``SignatureTime`` (`t`) is present in the ``InterestSignatureInfo``: |
| 61 | |
| 62 | Lookup the last recorded ``SignatureTime`` (`t0`) used in conjunction with the same key. Use ``CurrentTime - GracePeriod`` if no previous record exists. The recommended grace period is 60 seconds. |
| 63 | If `t0` >= `t`, consider the Interest as invalid. |
| 64 | Update `t0` to `t` if the signed Interest has been validated according to this and all other rules. |
| 65 | |
| 66 | .. note:: |
| 67 | Sharing private keys is not recommended. If private key sharing is inevitable, it is the key owner's responsibility to keep clocks synchronized. |
| 68 | |
| 69 | 7. If ``SignatureNonce`` is present: |
| 70 | |
| 71 | To perform this check, the recipient must remember a list of ``SignatureNonce`` carried in previously received Signed Interests used in conjunction with the specific signing key. |
| 72 | Check whether the ``SignatureNonce`` carried in the current signed Interest is a repetition of a recorded ``SignatureNonce`` used with the same key. |
| 73 | If it is a repetition, treat the Interest as invalid. |
| 74 | Add the newly received ``SignatureNonce`` into the ``SignatureNonce`` list if the signed Interest has been validated according to this and all other rules. |
| 75 | |
| 76 | .. note:: |
| 77 | The size of the ``SignatureNonce`` list and the lifetime of each ``SignatureNonce`` remembered by the receiver depend on the application protocol's need. |
| 78 | |
| 79 | 8. If ``SignatureSeqNum`` (`s`) is present: |
| 80 | |
| 81 | Lookup the last recorded ``SignatureSeqNum`` (`s0`) used in conjunction with the same key. If `s0` >= `s`, consider the Interest as invalid. |
| 82 | If no previous record exists, check `s` against the application policy. |
| 83 | If `s` does not satisfy the application policy, treat the signed Interest as invalid. |
| 84 | Update `s0` to `s` if the signed Interest has been validated according to this and all other rules. |
| 85 | |
| 86 | .. note:: |
| 87 | The first ``SignatureSeqNum`` received is considered valid only if it satisfies the application's policy. For example, application can decide the first ``SeqNum`` can only be a minimum value like 0 or 1, or a value that both sender and receiver agree on. |