.. _Signed Interest:

Signed Interest
===============

**Signed Interest** is a mechanism to issue an authenticated Interest.

A signed Interest is an Interest where:

* Name ends with ``ParametersSha256DigestComponent``.
* ``InterestSignature`` is present.

See :ref:`Interest Signature section <InterestSignature>` for details on ``InterestSignature``.

Construction of Signed Interest
-------------------------------

The following procedure describes the signing of an Interest:

1. Remove all ``ParametersSha256DigestComponent`` components from ``Name`` if present, regardless of the location.

2. If ``ApplicationParameters`` element is absent, append a zero-length ``ApplicationParameters`` element to the Interest.

3. Prepare an ``InterestSignatureInfo`` element and append it at the end of the Interest.

4. Compute the cryptographic signature according to :ref:`Interest Signature section <InterestSignature>`.

5. Insert the computed signature as an ``InterestSignatureValue`` element at the end of the Interest.

6. Compute the ``ParametersSha256DigestComponent`` according to :ref:`Interest Parameters Digest Component <Interest Parameters Digest Component>` section and append it at the end of ``Name``.
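
The six steps above, carried out on a constructed Interest. This is an added example, not code from the specification or from any NDN library. The TLV-TYPE numbers, the HMAC-SHA256 signature type, and the signed and digested portions are assumptions taken from the NDN packet format and the sections referenced above, not from this page; ``tlv``, ``sign_interest`` and the key are hypothetical.

```python
import hashlib
import hmac

# TLV-TYPE numbers from the NDN packet format spec (assumed; not listed on this page).
T_GENERIC, T_PARAMS_DIGEST = 0x08, 0x02
T_APP_PARAMS, T_SIG_INFO, T_SIG_VALUE = 0x24, 0x2C, 0x2E
T_SIG_TYPE, T_SIG_NONCE = 0x1B, 0x26
SIG_HMAC_SHA256 = 4  # SignatureType value for SignatureHmacWithSha256 (assumed)

def tlv(tlv_type, value=b""):
    # Single-octet TYPE and LENGTH only; enough for this small example.
    if tlv_type >= 253 or len(value) >= 253:
        raise ValueError("example encoder handles short TLVs only")
    return bytes([tlv_type, len(value)]) + value

def sign_interest(name, elements, key, nonce):
    """name and elements are lists of (TLV-TYPE, TLV-VALUE); elements follow Name."""
    # Step 1: drop every ParametersSha256DigestComponent, wherever it appears.
    name = [(t, v) for t, v in name if t != T_PARAMS_DIGEST]
    # Step 2: append a zero-length ApplicationParameters if none is present.
    if all(t != T_APP_PARAMS for t, _ in elements):
        elements = elements + [(T_APP_PARAMS, b"")]
    # Step 3: append InterestSignatureInfo (SignatureType plus a SignatureNonce).
    sig_info = tlv(T_SIG_TYPE, bytes([SIG_HMAC_SHA256])) + tlv(T_SIG_NONCE, nonce)
    elements = elements + [(T_SIG_INFO, sig_info)]
    # Step 4: sign the name components, then ApplicationParameters through
    # InterestSignatureInfo (coverage assumed from the Interest Signature section).
    first = [t for t, _ in elements].index(T_APP_PARAMS)
    params = b"".join(tlv(t, v) for t, v in elements[first:])
    signed = b"".join(tlv(t, v) for t, v in name) + params
    signature = hmac.new(key, signed, hashlib.sha256).digest()
    # Step 5: append InterestSignatureValue at the end of the Interest.
    elements = elements + [(T_SIG_VALUE, signature)]
    params += tlv(T_SIG_VALUE, signature)
    # Step 6: the digest covers ApplicationParameters to the end of the Interest
    # (assumed from the digest component section); append it as the last component.
    name = name + [(T_PARAMS_DIGEST, hashlib.sha256(params).digest())]
    return name, elements

# Constructed sample: /example/cmd with a stale digest component and no parameters.
KEY = b"constructed-demo-key"
STALE = (T_PARAMS_DIGEST, bytes(32))
NAME, ELEMENTS = sign_interest(
    [(T_GENERIC, b"example"), STALE, (T_GENERIC, b"cmd")], [], KEY, bytes(range(8)))
```

The stale digest in the middle of the name is discarded in step 1, and the digest appended in step 6 also covers ``InterestSignatureValue``, so it can only be computed last.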

Signed Interest processing
--------------------------

Upon receiving an Interest, the producer, according to the Interest name prefix, should be able to tell whether the Interest is required to be signed.
If the received Interest is required to be signed, the application protocol or the producer should also explicitly define whether ``SignatureNonce``/``SignatureTime``/``SignatureSeqNum`` must be present in the ``InterestSignatureInfo`` or not.
If any of the required elements is missing, treat the Interest as invalid.
Additionally, a signed Interest must be treated as invalid if any of the following conditions is true:

1. The last name component is not ``ParametersSha256DigestComponent``, or its TLV-VALUE is incorrect according to :ref:`Interest Parameters Digest Component <Interest Parameters Digest Component>` section.

2. The ``InterestSignatureInfo`` element is missing or any mandatory sub-element is missing from the ``InterestSignatureInfo`` element.

3. The ``InterestSignatureValue`` element is missing.

4. The signature cannot be cryptographically verified.

5. The key used to create the signature is not trusted for signing the Interest.

6. If ``SignatureTime`` (`t`) is present in the ``InterestSignatureInfo``:

   Look up the last recorded ``SignatureTime`` (`t0`) used in conjunction with the same key. Use ``CurrentTime - GracePeriod`` if no previous record exists. The recommended grace period is 60 seconds.
   If `t0` >= `t`, consider the Interest as invalid.
   Update `t0` to `t` if the signed Interest has been validated according to this and all other rules.

   .. note::
      Sharing private keys is not recommended. If private key sharing is inevitable, it is the key owner's responsibility to keep clocks synchronized.

7. If ``SignatureNonce`` is present:

   To perform this check, the recipient must remember a list of ``SignatureNonce`` carried in previously received Signed Interests used in conjunction with the specific signing key.
   Check whether the ``SignatureNonce`` carried in the current signed Interest is a repetition of a recorded ``SignatureNonce`` used with the same key.
   If it is a repetition, treat the Interest as invalid.
   Add the newly received ``SignatureNonce`` into the ``SignatureNonce`` list if the signed Interest has been validated according to this and all other rules.

   .. note::
      The size of the ``SignatureNonce`` list and the lifetime of each ``SignatureNonce`` remembered by the receiver depend on the application protocol's need.

8. If ``SignatureSeqNum`` (`s`) is present:

   Look up the last recorded ``SignatureSeqNum`` (`s0`) used in conjunction with the same key. If `s0` >= `s`, consider the Interest as invalid.
   If no previous record exists, check `s` against the application policy.
   If `s` does not satisfy the application policy, treat the signed Interest as invalid.
   Update `s0` to `s` if the signed Interest has been validated according to this and all other rules.

   .. note::
      The first ``SignatureSeqNum`` received is considered valid only if it satisfies the application's policy. For example, an application can decide the first ``SeqNum`` can only be a minimum value like 0 or 1, or a value that both sender and receiver agree on.
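
Rules 6 to 8 as a per-key state tracker, showing that `t0`, the nonce list and `s0` are updated only after every rule has passed. This is an added example, not code from the specification or an NDN library. ``ReplayGuard``, its parameters, the millisecond time unit, the nonce list size and the first-``SeqNum`` policy are assumptions; rules 1 to 5 are represented by the caller-supplied ``other_rules_ok`` flag.

```python
import time
from collections import deque

GRACE_PERIOD_MS = 60_000  # the recommended 60-second grace period, in milliseconds

class ReplayGuard:
    """Per-key state for the SignatureTime, SignatureNonce and SignatureSeqNum rules."""

    def __init__(self, first_seq_ok, max_nonces=1024, now_ms=None):
        self.first_seq_ok = first_seq_ok  # application policy for a key's first SeqNum
        self.max_nonces = max_nonces      # nonce list size is an application choice
        self.now_ms = now_ms or (lambda: int(time.time() * 1000))
        self.last_time, self.last_seq, self.nonces = {}, {}, {}

    def accept(self, key, sig_time=None, nonce=None, seq=None, other_rules_ok=True):
        # Rule 6: invalid if t0 >= t; t0 defaults to CurrentTime - GracePeriod.
        if sig_time is not None:
            t0 = self.last_time.get(key, self.now_ms() - GRACE_PERIOD_MS)
            if t0 >= sig_time:
                return False
        # Rule 7: invalid if the nonce was already recorded for this key.
        if nonce is not None and nonce in self.nonces.get(key, ()):
            return False
        # Rule 8: invalid if s0 >= s; a key's first value must satisfy the policy.
        if seq is not None:
            s0 = self.last_seq.get(key)
            if (s0 is not None and s0 >= seq) or (s0 is None and not self.first_seq_ok(seq)):
                return False
        # Rules 1 to 5 (digest, signature, trust) are evaluated by the caller.
        if not other_rules_ok:
            return False
        # Record state only now, after every rule has passed.
        if sig_time is not None:
            self.last_time[key] = sig_time
        if nonce is not None:
            self.nonces.setdefault(key, deque(maxlen=self.max_nonces)).append(nonce)
        if seq is not None:
            self.last_seq[key] = seq
        return True

def demo():
    # Constructed Interests signed with one key; the clock is fixed at 1_000_000 ms.
    g = ReplayGuard(first_seq_ok=lambda s: s in (0, 1), now_ms=lambda: 1_000_000)
    return [
        g.accept("keyA", sig_time=950_000, nonce=b"n1", seq=1),  # fresh
        g.accept("keyA", sig_time=950_000, nonce=b"n2", seq=2),  # t0 >= t
        g.accept("keyA", sig_time=960_000, nonce=b"n1", seq=2),  # repeated nonce
        g.accept("keyA", sig_time=960_000, nonce=b"n2", seq=2, other_rules_ok=False),
        g.accept("keyA", sig_time=960_000, nonce=b"n2", seq=2),  # earlier rejects left no state
    ]
```

Because rejected Interests leave no state behind, an Interest with a bad signature cannot advance `t0` or `s0` and lock out the legitimate signer.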