| Zhiyi Zhang | 0c04fd8 | 2018-09-04 16:29:47 -0400 | [diff] [blame] | 1 | .. _Signed Interest: |
| 2 | |
| 3 | Signed Interest |
| 4 | =============== |
| 5 | |
| 6 | **Signed Interest** is a mechanism to issue an authenticated Interest. |
| 7 | |
| Junxiao Shi | 78ce295 | 2019-05-07 15:34:00 -0400 | [diff] [blame^] | 8 | A signed Interest is an Interest where: |
| Zhiyi Zhang | 0c04fd8 | 2018-09-04 16:29:47 -0400 | [diff] [blame] | 9 | |
| Junxiao Shi | 78ce295 | 2019-05-07 15:34:00 -0400 | [diff] [blame^] | 10 | * Name ends with ``ParametersSha256DigestComponent``. |
| 11 | * ``InterestSignature`` is present. |
| Zhiyi Zhang | 0c04fd8 | 2018-09-04 16:29:47 -0400 | [diff] [blame] | 12 | |
| Junxiao Shi | 78ce295 | 2019-05-07 15:34:00 -0400 | [diff] [blame^] | 13 | See :ref:`Interest Signature section <InterestSignature>` for details on ``InterestSignature``. |
| Zhiyi Zhang | 0c04fd8 | 2018-09-04 16:29:47 -0400 | [diff] [blame] | 14 | |
| 15 | Construction of Signed Interest |
| 16 | ------------------------------- |
| 17 | |
| 18 | The following procedure describes the signing of an Interest: |
| 19 | |
| 20 | 1. Remove all ``ParametersSha256DigestComponent`` components from ``Name`` if present, regardless of the location. |
| 21 | |
| 22 | 2. If ``ApplicationParameters`` element is absent, append a zero-length ``ApplicationParameters`` element to the Interest. |
| 23 | |
| 24 | 3. Prepare an ``InterestSignatureInfo`` element and append it at the end of the Interest. |
| 25 | |
| 26 | 4. Compute the cryptographic signature according to :ref:`Interest Signature section <InterestSignature>`. |
| 27 | |
| 28 | 5. Insert the computed signature as an ``InterestSignatureValue`` element at the end of the Interest. |
| 29 | |
| 30 | 6. Compute the ``ParametersSha256DigestComponent`` according to :ref:`Interest Parameters Digest Component <Interest Parameters Digest Component>` section and append it at the end of ``Name``. |
| 31 | |
| 32 | Signed Interest processing |
| 33 | -------------------------- |
| 34 | |
| 35 | Upon receiving an Interest, the producer, according to the Interest name prefix, should be able to tell whether the Interest is required to be signed. |
| 36 | If the received Interest is required to be signed, the application protocol or the producer should also explicitly define whether ``SignatureNonce``/``SignatureTime``/``SignatureSeqNum`` must be present in the ``InterestSignatureInfo`` or not. |
| 37 | If any of the required elements is missing, treat the Interest as invalid. |
| 38 | Additionally, a signed Interest must be treated as invalid if any of the following conditions is true: |
| 39 | |
| 40 | 1. The last name component is not ``ParametersSha256DigestComponent``, or its TLV-VALUE is incorrect according to :ref:`Interest Parameters Digest Component <Interest Parameters Digest Component>` section. |
| 41 | |
| 42 | 2. The ``InterestSignatureInfo`` element is missing or any mandatory sub-element is missing from the ``InterestSignatureInfo`` element. |
| 43 | |
| 44 | 3. The ``InterestSignatureValue`` element is missing. |
| 45 | |
| 46 | 4. The signature cannot be cryptographically verified. |
| 47 | |
| 48 | 5. The key used to create the signature is not trusted for signing the Interest. |
| 49 | |
| 50 | 6. If ``SignatureTime`` (`t`) is present in the ``InterestSignatureInfo``: |
| 51 | |
| 52 | Lookup the last recorded ``SignatureTime`` (`t0`) used in conjunction with the same key. Use ``CurrentTime - GracePeriod`` if no previous record exists. The recommended grace period is 60 seconds. |
| 53 | If `t0` >= `t`, consider the Interest as invalid. |
| 54 | Update `t0` to `t` if the signed Interest has been validated according to this and all other rules. |
| 55 | |
| 56 | .. note:: |
| 57 | Sharing private keys is not recommended. If private key sharing is inevitable, it is the key owner's responsibility to keep clocks synchronized. |
| 58 | |
| 59 | 7. If ``SignatureNonce`` is present: |
| 60 | |
| 61 | To perform this check, the recipient must remember a list of ``SignatureNonce`` carried in previously received Signed Interests used in conjunction with the specific signing key. |
| 62 | Check whether the ``SignatureNonce`` carried in the current signed Interest is a repetition of a recorded ``SignatureNonce`` used with the same key. |
| 63 | If it is a repetition, treat the Interest as invalid. |
| 64 | Add the newly received ``SignatureNonce`` into the ``SignatureNonce`` list if the signed Interest has been validated according to this and all other rules. |
| 65 | |
| 66 | .. note:: |
| 67 | The size of the ``SignatureNonce`` list and the lifetime of each ``SignatureNonce`` remembered by the receiver depend on the application protocol's need. |
| 68 | |
| 69 | 8. If ``SignatureSeqNum`` (`s`) is present: |
| 70 | |
| 71 | Lookup the last recorded ``SignatureSeqNum`` (`s0`) used in conjunction with the same key. If `s0` >= `s`, consider the Interest as invalid. |
| 72 | If no previous record exists, check `s` against the application policy. |
| 73 | If `s` does not satisfy the application policy, treat the signed Interest as invalid. |
| 74 | Update `s0` to `s` if the signed Interest has been validated according to this and all other rules. |
| 75 | |
| 76 | .. note:: |
| Junxiao Shi | 78ce295 | 2019-05-07 15:34:00 -0400 | [diff] [blame^] | 77 | The first ``SignatureSeqNum`` received is considered valid only if it satisfies the application's policy. For example, application can decide the first ``SeqNum`` can only be a minimum value like 0 or 1, or a value that both sender and receiver agree on. |