security: Rename security/v2/* to security/*

Security v1-v2 transition has been completed for a while and path
separation is no longer needed. However, this commit preserves
`ndn::security::v2` namespace, but makes it inline.

Some commonly used v2 headers are preserved, but are deprecated and
should be avoided in the dependent software.

Change-Id: I26056cb3d34bcdc0a16e06dea8c1a78c03da2d40
diff --git a/ndn-cxx/metadata-object.hpp b/ndn-cxx/metadata-object.hpp
index 7946e7f..b6255bc 100644
--- a/ndn-cxx/metadata-object.hpp
+++ b/ndn-cxx/metadata-object.hpp
@@ -16,6 +16,8 @@
  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
  * <http://www.gnu.org/licenses/>.
  *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ *
  * @author Chavoosh Ghasemi <chghasemi@cs.arizona.edu>
  */
 
@@ -24,7 +26,7 @@
 
 #include "ndn-cxx/data.hpp"
 #include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
 
 namespace ndn {
 
diff --git a/ndn-cxx/mgmt/nfd/controller.cpp b/ndn-cxx/mgmt/nfd/controller.cpp
index b211f3b..5a3ce12 100644
--- a/ndn-cxx/mgmt/nfd/controller.cpp
+++ b/ndn-cxx/mgmt/nfd/controller.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -21,7 +21,7 @@
 
 #include "ndn-cxx/mgmt/nfd/controller.hpp"
 #include "ndn-cxx/face.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
 
 #include <boost/lexical_cast.hpp>
 
diff --git a/ndn-cxx/mgmt/nfd/controller.hpp b/ndn-cxx/mgmt/nfd/controller.hpp
index 5059a99..51bbf7c 100644
--- a/ndn-cxx/mgmt/nfd/controller.hpp
+++ b/ndn-cxx/mgmt/nfd/controller.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,14 +22,14 @@
 #ifndef NDN_MGMT_NFD_CONTROLLER_HPP
 #define NDN_MGMT_NFD_CONTROLLER_HPP
 
+#include "ndn-cxx/mgmt/nfd/command-options.hpp"
 #include "ndn-cxx/mgmt/nfd/control-command.hpp"
 #include "ndn-cxx/mgmt/nfd/control-response.hpp"
 #include "ndn-cxx/mgmt/nfd/status-dataset.hpp"
-#include "ndn-cxx/mgmt/nfd/command-options.hpp"
 #include "ndn-cxx/security/command-interest-signer.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
 #include "ndn-cxx/security/validator-null.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validator.hpp"
 #include "ndn-cxx/util/segment-fetcher.hpp"
 
 namespace ndn {
diff --git a/ndn-cxx/prefix-announcement.hpp b/ndn-cxx/prefix-announcement.hpp
index 4ff1291..c446213 100644
--- a/ndn-cxx/prefix-announcement.hpp
+++ b/ndn-cxx/prefix-announcement.hpp
@@ -22,7 +22,7 @@
 #ifndef NDN_CXX_PREFIX_ANNOUNCEMENT_HPP
 #define NDN_CXX_PREFIX_ANNOUNCEMENT_HPP
 
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
 
 namespace ndn {
 
diff --git a/ndn-cxx/security/v2/additional-description.cpp b/ndn-cxx/security/additional-description.cpp
similarity index 96%
rename from ndn-cxx/security/v2/additional-description.cpp
rename to ndn-cxx/security/additional-description.cpp
index f9aa2af..2b332f4 100644
--- a/ndn-cxx/security/v2/additional-description.cpp
+++ b/ndn-cxx/security/additional-description.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,14 +19,14 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/additional-description.hpp"
+#include "ndn-cxx/security/additional-description.hpp"
 #include "ndn-cxx/encoding/block-helpers.hpp"
 #include "ndn-cxx/util/concepts.hpp"
 #include "ndn-cxx/util/ostream-joiner.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 BOOST_CONCEPT_ASSERT((boost::EqualityComparable<AdditionalDescription>));
 BOOST_CONCEPT_ASSERT((WireEncodable<AdditionalDescription>));
@@ -176,6 +176,6 @@
   return os << "]";
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/additional-description.hpp b/ndn-cxx/security/additional-description.hpp
new file mode 100644
index 0000000..9fc42e7
--- /dev/null
+++ b/ndn-cxx/security/additional-description.hpp
@@ -0,0 +1,145 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
+#define NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
+
+#include "ndn-cxx/detail/common.hpp"
+#include "ndn-cxx/encoding/block.hpp"
+#include "ndn-cxx/encoding/tlv.hpp"
+
+#include <map>
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Abstraction of AdditionalDescription
+ * @sa docs/specs/certificate-format.rst
+ */
+class AdditionalDescription
+{
+public:
+  class Error : public tlv::Error
+  {
+  public:
+    using tlv::Error::Error;
+  };
+
+  typedef std::map<std::string, std::string>::iterator iterator;
+  typedef std::map<std::string, std::string>::const_iterator const_iterator;
+
+public:
+  /**
+   * @brief Create an empty AdditionalDescription
+   */
+  AdditionalDescription() = default;
+
+  /**
+   * @brief Create AdditionalDescription from @p block
+   */
+  explicit
+  AdditionalDescription(const Block& block);
+
+  const std::string&
+  get(const std::string& key) const;
+
+  void
+  set(const std::string& key, const std::string& value);
+
+  bool
+  has(const std::string& key) const;
+
+  size_t
+  size() const
+  {
+    return m_info.size();
+  }
+
+  bool
+  empty() const
+  {
+    return m_info.empty();
+  }
+
+  iterator
+  begin();
+
+  iterator
+  end();
+
+  const_iterator
+  begin() const;
+
+  const_iterator
+  end() const;
+
+  /** @brief Fast encoding or block size estimation
+   */
+  template<encoding::Tag TAG>
+  size_t
+  wireEncode(EncodingImpl<TAG>& encoder) const;
+
+  /** @brief Encode ValidityPeriod into TLV block
+   */
+  const Block&
+  wireEncode() const;
+
+  /** @brief Decode ValidityPeriod from TLV block
+   *  @throw Error when an invalid TLV block supplied
+   */
+  void
+  wireDecode(const Block& wire);
+
+private: // EqualityComparable concept
+  // NOTE: the following "hidden friend" operators are available via
+  //       argument-dependent lookup only and must be defined inline.
+
+  friend bool
+  operator==(const AdditionalDescription& lhs, const AdditionalDescription& rhs)
+  {
+    return lhs.m_info == rhs.m_info;
+  }
+
+  friend bool
+  operator!=(const AdditionalDescription& lhs, const AdditionalDescription& rhs)
+  {
+    return lhs.m_info != rhs.m_info;
+  }
+
+private:
+  std::map<std::string, std::string> m_info;
+
+  mutable Block m_wire;
+};
+
+NDN_CXX_DECLARE_WIRE_ENCODE_INSTANTIATIONS(AdditionalDescription);
+
+std::ostream&
+operator<<(std::ostream& os, const AdditionalDescription& desc);
+
+} // inline namespace v2
+
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
diff --git a/ndn-cxx/security/v2/certificate-bundle-fetcher.cpp b/ndn-cxx/security/certificate-bundle-fetcher.cpp
similarity index 96%
rename from ndn-cxx/security/v2/certificate-bundle-fetcher.cpp
rename to ndn-cxx/security/certificate-bundle-fetcher.cpp
index 76ce514..dabc8a5 100644
--- a/ndn-cxx/security/v2/certificate-bundle-fetcher.cpp
+++ b/ndn-cxx/security/certificate-bundle-fetcher.cpp
@@ -19,19 +19,19 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-bundle-fetcher.hpp"
+#include "ndn-cxx/security/certificate-bundle-fetcher.hpp"
 
 #include "ndn-cxx/face.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/certificate-storage.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/certificate-storage.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
 #include "ndn-cxx/util/logger.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
-NDN_LOG_INIT(ndn.security.v2.CertificateBundleFetcher);
+NDN_LOG_INIT(ndn.security.CertificateBundleFetcher);
 
 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x)
@@ -230,6 +230,6 @@
   return bundleName;
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/v2/certificate-bundle-fetcher.hpp b/ndn-cxx/security/certificate-bundle-fetcher.hpp
similarity index 95%
rename from ndn-cxx/security/v2/certificate-bundle-fetcher.hpp
rename to ndn-cxx/security/certificate-bundle-fetcher.hpp
index 6249a23..5164b07 100644
--- a/ndn-cxx/security/v2/certificate-bundle-fetcher.hpp
+++ b/ndn-cxx/security/certificate-bundle-fetcher.hpp
@@ -19,16 +19,16 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_CERTIFICATE_BUNDLE_FETCHER_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_BUNDLE_FETCHER_HPP
+#ifndef NDN_SECURITY_CERTIFICATE_BUNDLE_FETCHER_HPP
+#define NDN_SECURITY_CERTIFICATE_BUNDLE_FETCHER_HPP
 
 #include "ndn-cxx/name.hpp"
 #include "ndn-cxx/tag.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 /**
  * @brief Fetch certificate bundle from the network
@@ -144,8 +144,8 @@
   time::milliseconds m_bundleInterestLifetime;
 };
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_CERTIFICATE_BUNDLE_FETCHER_HPP
+#endif // NDN_SECURITY_CERTIFICATE_BUNDLE_FETCHER_HPP
diff --git a/ndn-cxx/security/v2/certificate-cache.cpp b/ndn-cxx/security/certificate-cache.cpp
similarity index 94%
rename from ndn-cxx/security/v2/certificate-cache.cpp
rename to ndn-cxx/security/certificate-cache.cpp
index aefa069..bf5cb6c 100644
--- a/ndn-cxx/security/v2/certificate-cache.cpp
+++ b/ndn-cxx/security/certificate-cache.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,14 +19,14 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-cache.hpp"
+#include "ndn-cxx/security/certificate-cache.hpp"
 #include "ndn-cxx/util/logger.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
-NDN_LOG_INIT(ndn.security.v2.CertificateCache);
+NDN_LOG_INIT(ndn.security.CertificateCache);
 
 time::nanoseconds
 CertificateCache::getDefaultLifetime()
@@ -107,6 +107,6 @@
   }
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/v2/certificate-cache.hpp b/ndn-cxx/security/certificate-cache.hpp
similarity index 93%
rename from ndn-cxx/security/v2/certificate-cache.hpp
rename to ndn-cxx/security/certificate-cache.hpp
index d0e412e..d4af213 100644
--- a/ndn-cxx/security/v2/certificate-cache.hpp
+++ b/ndn-cxx/security/certificate-cache.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,11 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_CERTIFICATE_CACHE_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_CACHE_HPP
+#ifndef NDN_SECURITY_CERTIFICATE_CACHE_HPP
+#define NDN_SECURITY_CERTIFICATE_CACHE_HPP
 
 #include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
 
 #include <boost/multi_index_container.hpp>
 #include <boost/multi_index/ordered_index.hpp>
@@ -32,7 +32,7 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 /**
  * @brief Represents a container for verified certificates.
@@ -141,8 +141,8 @@
   time::nanoseconds m_maxLifetime;
 };
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_CERTIFICATE_CACHE_HPP
+#endif // NDN_SECURITY_CERTIFICATE_CACHE_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.cpp b/ndn-cxx/security/certificate-fetcher-direct-fetch.cpp
similarity index 94%
rename from ndn-cxx/security/v2/certificate-fetcher-direct-fetch.cpp
rename to ndn-cxx/security/certificate-fetcher-direct-fetch.cpp
index 0fc4682..abfc636 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.cpp
+++ b/ndn-cxx/security/certificate-fetcher-direct-fetch.cpp
@@ -19,16 +19,16 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp"
+#include "ndn-cxx/security/certificate-fetcher-direct-fetch.hpp"
 
 #include "ndn-cxx/face.hpp"
 #include "ndn-cxx/lp/tags.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 CertificateFetcherDirectFetch::CertificateFetcherDirectFetch(Face& face)
   : CertificateFetcherFromNetwork(face)
@@ -94,6 +94,6 @@
   }
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/certificate-fetcher-direct-fetch.hpp b/ndn-cxx/security/certificate-fetcher-direct-fetch.hpp
new file mode 100644
index 0000000..db23afb
--- /dev/null
+++ b/ndn-cxx/security/certificate-fetcher-direct-fetch.hpp
@@ -0,0 +1,65 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+#define NDN_SECURITY_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Extends CertificateFetcherFromNetwork to fetch certificates from the incoming face of
+ *   the packet
+ *
+ * During Interest and Data validation, if IncomingFaceId tag is present on the original Interest,
+ * this fetcher will send a "direct Interest" to fetch certificates from the face where the original
+ * packet was received, in addition to fetching from the infrastructure. The application must
+ * enable NextHopFaceId privilege on the face used by this fetcher prior to the validation.
+ */
+class CertificateFetcherDirectFetch : public CertificateFetcherFromNetwork
+{
+public:
+  explicit
+  CertificateFetcherDirectFetch(Face& face);
+
+  /**
+   * If \p wantDirectInterestOnly, only the direct Interest will be sent out.
+   */
+  void
+  setSendDirectInterestOnly(bool wantDirectInterestOnly);
+
+protected:
+  void
+  doFetch(const shared_ptr<CertificateRequest>& keyRequest, const shared_ptr<ValidationState>& state,
+          const ValidationContinuation& continueValidation) override;
+
+private:
+  bool m_wantDirectInterestOnly = false;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher-from-network.cpp b/ndn-cxx/security/certificate-fetcher-from-network.cpp
similarity index 94%
rename from ndn-cxx/security/v2/certificate-fetcher-from-network.cpp
rename to ndn-cxx/security/certificate-fetcher-from-network.cpp
index 8ca0a51..a117ee4 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-from-network.cpp
+++ b/ndn-cxx/security/certificate-fetcher-from-network.cpp
@@ -19,18 +19,18 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
 
 #include "ndn-cxx/face.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
 #include "ndn-cxx/util/logger.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
-NDN_LOG_INIT(ndn.security.v2.CertificateFetcher);
+NDN_LOG_INIT(ndn.security.CertificateFetcher);
 
 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x)
@@ -116,6 +116,6 @@
   }
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/certificate-fetcher-from-network.hpp b/ndn-cxx/security/certificate-fetcher-from-network.hpp
new file mode 100644
index 0000000..8074e07
--- /dev/null
+++ b/ndn-cxx/security/certificate-fetcher-from-network.hpp
@@ -0,0 +1,90 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
+#define NDN_SECURITY_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
+
+#include "ndn-cxx/security/certificate-fetcher.hpp"
+#include "ndn-cxx/util/scheduler.hpp"
+
+namespace ndn {
+
+class Data;
+class Face;
+
+namespace lp {
+class Nack;
+} // namespace lp
+
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Fetch missing keys from the network
+ */
+class CertificateFetcherFromNetwork : public CertificateFetcher
+{
+public:
+  explicit
+  CertificateFetcherFromNetwork(Face& face);
+
+protected:
+  void
+  doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+          const ValidationContinuation& continueValidation) override;
+
+  /**
+   * @brief Callback invoked when certificate is retrieved.
+   */
+  void
+  dataCallback(const Data& data,
+               const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+               const ValidationContinuation& continueValidation);
+
+  /**
+   * @brief Callback invoked when interest for fetching certificate gets NACKed.
+   *
+   * Retries with exponential backoff while `certRequest->nRetriesLeft > 0`
+   */
+  void
+  nackCallback(const lp::Nack& nack,
+               const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+               const ValidationContinuation& continueValidation);
+
+  /**
+   * @brief Callback invoked when interest for fetching certificate times out.
+   *
+   * It will retry if `certRequest->nRetriesLeft > 0`
+   */
+  void
+  timeoutCallback(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+                  const ValidationContinuation& continueValidation);
+
+protected:
+  Face& m_face;
+  Scheduler m_scheduler;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher-offline.cpp b/ndn-cxx/security/certificate-fetcher-offline.cpp
similarity index 87%
rename from ndn-cxx/security/v2/certificate-fetcher-offline.cpp
rename to ndn-cxx/security/certificate-fetcher-offline.cpp
index 9c32216..ea19a73 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-offline.cpp
+++ b/ndn-cxx/security/certificate-fetcher-offline.cpp
@@ -19,13 +19,13 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 void
 CertificateFetcherOffline::doFetch(const shared_ptr<CertificateRequest>& certRequest,
@@ -36,6 +36,6 @@
                "Cannot fetch certificate " + certRequest->interest.getName().toUri() + " in offline mode"});
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/v2/certificate-fetcher-offline.cpp b/ndn-cxx/security/certificate-fetcher-offline.hpp
similarity index 64%
copy from ndn-cxx/security/v2/certificate-fetcher-offline.cpp
copy to ndn-cxx/security/certificate-fetcher-offline.hpp
index 9c32216..617f624 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-offline.cpp
+++ b/ndn-cxx/security/certificate-fetcher-offline.hpp
@@ -19,23 +19,28 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#ifndef NDN_SECURITY_CERTIFICATE_FETCHER_OFFLINE_HPP
+#define NDN_SECURITY_CERTIFICATE_FETCHER_OFFLINE_HPP
+
+#include "ndn-cxx/security/certificate-fetcher.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
-void
-CertificateFetcherOffline::doFetch(const shared_ptr<CertificateRequest>& certRequest,
-                                   const shared_ptr<ValidationState>& state,
-                                   const ValidationContinuation&)
+/**
+ * @brief Certificate fetcher realization that does not fetch keys (always offline)
+ */
+class CertificateFetcherOffline : public CertificateFetcher
 {
-  state->fail({ValidationError::Code::CANNOT_RETRIEVE_CERT,
-               "Cannot fetch certificate " + certRequest->interest.getName().toUri() + " in offline mode"});
-}
+protected:
+  void
+  doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+          const ValidationContinuation& continueValidation) override;
+};
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
+
+#endif // NDN_SECURITY_CERTIFICATE_FETCHER_OFFLINE_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher.cpp b/ndn-cxx/security/certificate-fetcher.cpp
similarity index 88%
rename from ndn-cxx/security/v2/certificate-fetcher.cpp
rename to ndn-cxx/security/certificate-fetcher.cpp
index 717a3f1..931b83e 100644
--- a/ndn-cxx/security/v2/certificate-fetcher.cpp
+++ b/ndn-cxx/security/certificate-fetcher.cpp
@@ -19,17 +19,17 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-fetcher.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/certificate-storage.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/certificate-fetcher.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/certificate-storage.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
 #include "ndn-cxx/util/logger.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
-NDN_LOG_INIT(ndn.security.v2.CertificateFetcher);
+NDN_LOG_INIT(ndn.security.CertificateFetcher);
 
 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
 
@@ -66,6 +66,6 @@
           });
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/certificate-fetcher.hpp b/ndn-cxx/security/certificate-fetcher.hpp
new file mode 100644
index 0000000..b90d779
--- /dev/null
+++ b/ndn-cxx/security/certificate-fetcher.hpp
@@ -0,0 +1,91 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_CERTIFICATE_FETCHER_HPP
+#define NDN_SECURITY_CERTIFICATE_FETCHER_HPP
+
+#include "ndn-cxx/detail/common.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+class Certificate;
+class CertificateRequest;
+class CertificateStorage;
+class ValidationState;
+
+/**
+ * @brief Interface used by the validator to fetch missing certificates
+ */
+class CertificateFetcher : noncopyable
+{
+public:
+  using ValidationContinuation = std::function<void(const Certificate& cert,
+                                                    const shared_ptr<ValidationState>& state)>;
+
+  CertificateFetcher();
+
+  virtual
+  ~CertificateFetcher();
+
+  /**
+   * @brief Assign certificate storage to check known certificate and to cache unverified ones
+   * @note The supplied @p certStorage should be valid for the lifetime of CertificateFetcher
+   */
+  virtual void
+  setCertificateStorage(CertificateStorage& certStorage);
+
+  /**
+   * @brief Asynchronously fetch certificate
+   * @pre m_certStorage != nullptr
+   *
+   * If the requested certificate exists in the storage, then this method will immediately call
+   * continueValidation with the certification.  If certificate is not available, the
+   * implementation-specific doFetch will be called to asynchronously fetch certificate.  The
+   * successfully retrieved certificate will be automatically added to the unverified cache of
+   * the certificate storage.
+   *
+   * When the requested certificate is retrieved, continueValidation is called.  Otherwise, the
+   * fetcher implementation call state->failed() with the appropriate error code and diagnostic
+   * message.
+   */
+  void
+  fetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+        const ValidationContinuation& continueValidation);
+
+private:
+  /**
+   * @brief Asynchronous certificate fetching implementation
+   */
+  virtual void
+  doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+          const ValidationContinuation& continueValidation) = 0;
+
+protected:
+  CertificateStorage* m_certStorage;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_CERTIFICATE_FETCHER_HPP
diff --git a/ndn-cxx/security/v2/certificate-request.hpp b/ndn-cxx/security/certificate-request.hpp
similarity index 87%
rename from ndn-cxx/security/v2/certificate-request.hpp
rename to ndn-cxx/security/certificate-request.hpp
index 13859df..4fd7992 100644
--- a/ndn-cxx/security/v2/certificate-request.hpp
+++ b/ndn-cxx/security/certificate-request.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,14 +19,14 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_CERTIFICATE_REQUEST_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_REQUEST_HPP
+#ifndef NDN_SECURITY_CERTIFICATE_REQUEST_HPP
+#define NDN_SECURITY_CERTIFICATE_REQUEST_HPP
 
 #include "ndn-cxx/interest.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 /**
  * @brief Request for a certificate, associated with the number of attempts
@@ -58,8 +58,8 @@
   time::milliseconds waitAfterNack = 500_ms;
 };
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_CERTIFICATE_REQUEST_HPP
+#endif // NDN_SECURITY_CERTIFICATE_REQUEST_HPP
diff --git a/ndn-cxx/security/v2/certificate-storage.cpp b/ndn-cxx/security/certificate-storage.cpp
similarity index 94%
rename from ndn-cxx/security/v2/certificate-storage.cpp
rename to ndn-cxx/security/certificate-storage.cpp
index e245f24..3120cba 100644
--- a/ndn-cxx/security/v2/certificate-storage.cpp
+++ b/ndn-cxx/security/certificate-storage.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,11 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-storage.hpp"
+#include "ndn-cxx/security/certificate-storage.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 CertificateStorage::CertificateStorage()
   : m_verifiedCertCache(1_h)
@@ -106,6 +106,6 @@
   return m_unverifiedCertCache;
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/v2/certificate-storage.hpp b/ndn-cxx/security/certificate-storage.hpp
similarity index 90%
rename from ndn-cxx/security/v2/certificate-storage.hpp
rename to ndn-cxx/security/certificate-storage.hpp
index 412907a..c06f49d 100644
--- a/ndn-cxx/security/v2/certificate-storage.hpp
+++ b/ndn-cxx/security/certificate-storage.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,16 +19,16 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_CERTIFICATE_STORAGE_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_STORAGE_HPP
+#ifndef NDN_SECURITY_CERTIFICATE_STORAGE_HPP
+#define NDN_SECURITY_CERTIFICATE_STORAGE_HPP
 
-#include "ndn-cxx/security/v2/certificate.hpp"
-#include "ndn-cxx/security/v2/certificate-cache.hpp"
-#include "ndn-cxx/security/v2/trust-anchor-container.hpp"
+#include "ndn-cxx/security/certificate.hpp"
+#include "ndn-cxx/security/certificate-cache.hpp"
+#include "ndn-cxx/security/trust-anchor-container.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 /**
  * @brief Storage for trusted anchors, verified certificate cache, and unverified certificate cache.
@@ -136,8 +136,8 @@
   CertificateCache m_unverifiedCertCache;
 };
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_CERTIFICATE_STORAGE_HPP
+#endif // NDN_SECURITY_CERTIFICATE_STORAGE_HPP
diff --git a/ndn-cxx/security/v2/certificate.cpp b/ndn-cxx/security/certificate.cpp
similarity index 97%
rename from ndn-cxx/security/v2/certificate.cpp
rename to ndn-cxx/security/certificate.cpp
index ae3ae30..36dbc39 100644
--- a/ndn-cxx/security/v2/certificate.cpp
+++ b/ndn-cxx/security/certificate.cpp
@@ -22,15 +22,15 @@
  * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
  */
 
-#include "ndn-cxx/security/v2/certificate.hpp"
-#include "ndn-cxx/security/v2/additional-description.hpp"
+#include "ndn-cxx/security/certificate.hpp"
+#include "ndn-cxx/security/additional-description.hpp"
 #include "ndn-cxx/security/transform.hpp"
 #include "ndn-cxx/encoding/block-helpers.hpp"
 #include "ndn-cxx/util/indented-stream.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 BOOST_CONCEPT_ASSERT((WireEncodable<Certificate>));
 BOOST_CONCEPT_ASSERT((WireDecodable<Certificate>));
@@ -204,6 +204,6 @@
   return certName.getPrefix(Certificate::KEY_ID_OFFSET + 1); // trim everything after key id
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/certificate.hpp b/ndn-cxx/security/certificate.hpp
new file mode 100644
index 0000000..c3ef869
--- /dev/null
+++ b/ndn-cxx/security/certificate.hpp
@@ -0,0 +1,194 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ *
+ * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ */
+
+#ifndef NDN_SECURITY_CERTIFICATE_HPP
+#define NDN_SECURITY_CERTIFICATE_HPP
+
+#include "ndn-cxx/data.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief The certificate following the certificate format naming convention
+ *
+ * Overview of NDN certificate format:
+ *
+ *     CertificateV2 ::= DATA-TLV TLV-LENGTH
+ *                         Name      (= /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version])
+ *                         MetaInfo  (.ContentType = KEY)
+ *                         Content   (= X509PublicKeyContent)
+ *                         SignatureInfo (= CertificateV2SignatureInfo)
+ *                         SignatureValue
+ *
+ *     X509PublicKeyContent ::= CONTENT-TLV TLV-LENGTH
+ *                                BYTE+ (= public key bits in PKCS#8 format)
+ *
+ *     CertificateV2SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
+ *                                      SignatureType
+ *                                      KeyLocator
+ *                                      ValidityPeriod
+ *                                      ... optional critical or non-critical extension blocks ...
+ *
+ * An example of NDN certificate name:
+ *
+ *     /edu/ucla/cs/yingdi/KEY/%03%CD...%F1/%9F%D3...%B7/%FD%d2...%8E
+ *     \_________________/    \___________/ \___________/\___________/
+ *    Certificate Namespace      Key Id       Issuer Id     Version
+ *         (Identity)
+ *     \__________________________________/
+ *                   Key Name
+ *
+ * Notes:
+ *
+ * - `Key Id` is opaque name component to identify an instance of the public key for the
+ *   certificate namespace.  The value of `Key ID` is controlled by the namespace owner.  The
+ *   library includes helpers for generation of key IDs using 8-byte random number, SHA-256
+ *   digest of the public key, timestamp, and the specified numerical identifiers.
+ *
+ * - `Issuer Id` is opaque name component to identify issuer of the certificate.  The value is
+ *   controlled by the issuer.  The library includes helpers to set issuer ID to a 8-byte
+ *   random number, SHA-256 digest of the issuer's public key, and the specified numerical
+ *   identifiers.
+ *
+ * - `Key Name` is a logical name of the key used for management pursposes. Key Name includes
+ *   the certificate namespace, keyword `KEY`, and `KeyId` components.
+ *
+ * @see doc/specs/certificate-format.rst
+ */
+class Certificate : public Data
+{
+public:
+  Certificate();
+
+  /**
+   * @brief Construct certificate from a data object
+   * @throw tlv::Error if data does not follow certificate format
+   */
+  explicit
+  Certificate(Data&& data);
+
+  /**
+   * @brief Construct certificate from a data object
+   * @throw tlv::Error if data does not follow certificate format
+   */
+  explicit
+  Certificate(const Data& data);
+
+  /**
+   * @brief Construct certificate from a wire encoding
+   * @throw tlv::Error if wire encoding is invalid or does not follow certificate format
+   */
+  explicit
+  Certificate(const Block& block);
+
+  /**
+   * @brief Get key name
+   */
+  Name
+  getKeyName() const;
+
+  /**
+   * @brief Get identity name
+   */
+  Name
+  getIdentity() const;
+
+  /**
+   * @brief Get key ID
+   */
+  name::Component
+  getKeyId() const;
+
+  /**
+   * @brief Get issuer ID
+   */
+  name::Component
+  getIssuerId() const;
+
+  /**
+   * @brief Get public key bits (in PKCS#8 format)
+   * @throw Error If content is empty
+   */
+  Buffer
+  getPublicKey() const;
+
+  /**
+   * @brief Get validity period of the certificate
+   */
+  ValidityPeriod
+  getValidityPeriod() const;
+
+  /**
+   * @brief Check if the certificate is valid at @p ts.
+   */
+  bool
+  isValid(const time::system_clock::TimePoint& ts = time::system_clock::now()) const;
+
+  /**
+   * @brief Get extension with TLV @p type
+   * @throw Error The specified block type does not exist
+   */
+  Block
+  getExtension(uint32_t type) const;
+
+  // @TODO Implement extension enumeration (Issue #3907)
+public:
+  /**
+   * @brief Check if the specified name follows the naming convention for the certificate
+   */
+  static bool
+  isValidName(const Name& certName);
+
+public:
+  static const ssize_t VERSION_OFFSET;
+  static const ssize_t ISSUER_ID_OFFSET;
+  static const ssize_t KEY_COMPONENT_OFFSET;
+  static const ssize_t KEY_ID_OFFSET;
+  static const size_t MIN_CERT_NAME_LENGTH;
+  static const size_t MIN_KEY_NAME_LENGTH;
+  static const name::Component KEY_COMPONENT;
+};
+
+std::ostream&
+operator<<(std::ostream& os, const Certificate& cert);
+
+/**
+ * @brief Extract identity namespace from the certificate name @p certName
+ */
+Name
+extractIdentityFromCertName(const Name& certName);
+
+/**
+ * @brief Extract key name from the certificate name @p certName
+ */
+Name
+extractKeyNameFromCertName(const Name& certName);
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_CERTIFICATE_HPP
diff --git a/ndn-cxx/security/command-interest-signer.hpp b/ndn-cxx/security/command-interest-signer.hpp
index f6cb644..5439809 100644
--- a/ndn-cxx/security/command-interest-signer.hpp
+++ b/ndn-cxx/security/command-interest-signer.hpp
@@ -22,7 +22,7 @@
 #ifndef NDN_SECURITY_COMMAND_INTEREST_SIGNER_HPP
 #define NDN_SECURITY_COMMAND_INTEREST_SIGNER_HPP
 
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
 
 namespace ndn {
 namespace security {
diff --git a/ndn-cxx/security/v2/key-chain.cpp b/ndn-cxx/security/key-chain.cpp
similarity index 98%
rename from ndn-cxx/security/v2/key-chain.cpp
rename to ndn-cxx/security/key-chain.cpp
index 75f1b68..3d4212f 100644
--- a/ndn-cxx/security/v2/key-chain.cpp
+++ b/ndn-cxx/security/key-chain.cpp
@@ -19,7 +19,7 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
 
 #include "ndn-cxx/encoding/buffer-stream.hpp"
 #include "ndn-cxx/util/config-file.hpp"
@@ -51,21 +51,21 @@
 // http://stackoverflow.com/q/9459980/2150331
 
 namespace pib {
-NDN_CXX_V2_KEYCHAIN_REGISTER_PIB_BACKEND(PibSqlite3);
-NDN_CXX_V2_KEYCHAIN_REGISTER_PIB_BACKEND(PibMemory);
+NDN_CXX_KEYCHAIN_REGISTER_PIB_BACKEND(PibSqlite3);
+NDN_CXX_KEYCHAIN_REGISTER_PIB_BACKEND(PibMemory);
 } // namespace pib
 
 namespace tpm {
 #if defined(NDN_CXX_HAVE_OSX_FRAMEWORKS) && defined(NDN_CXX_WITH_OSX_KEYCHAIN)
-NDN_CXX_V2_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndOsx);
+NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndOsx);
 #endif // defined(NDN_CXX_HAVE_OSX_FRAMEWORKS) && defined(NDN_CXX_WITH_OSX_KEYCHAIN)
-NDN_CXX_V2_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndFile);
-NDN_CXX_V2_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndMem);
+NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndFile);
+NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndMem);
 } // namespace tpm
 
-namespace v2 {
+inline namespace v2 {
 
-NDN_LOG_INIT(ndn.security.v2.KeyChain);
+NDN_LOG_INIT(ndn.security.KeyChain);
 
 std::string KeyChain::s_defaultPibLocator;
 std::string KeyChain::s_defaultTpmLocator;
@@ -728,6 +728,6 @@
   }
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/key-chain.hpp b/ndn-cxx/security/key-chain.hpp
index d82cc3b..bc87805 100644
--- a/ndn-cxx/security/key-chain.hpp
+++ b/ndn-cxx/security/key-chain.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,10 +19,498 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_CXX_SECURITY_KEY_CHAIN_HPP
-#define NDN_CXX_SECURITY_KEY_CHAIN_HPP
+#ifndef NDN_SECURITY_KEY_CHAIN_HPP
+#define NDN_SECURITY_KEY_CHAIN_HPP
 
-#include "ndn-cxx/security/security-common.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/interest.hpp"
+#include "ndn-cxx/security/certificate.hpp"
+#include "ndn-cxx/security/key-params.hpp"
+#include "ndn-cxx/security/pib/pib.hpp"
+#include "ndn-cxx/security/safe-bag.hpp"
+#include "ndn-cxx/security/signing-info.hpp"
+#include "ndn-cxx/security/tpm/tpm.hpp"
 
-#endif // NDN_CXX_SECURITY_KEY_CHAIN_HPP
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief The interface of signing key management.
+ *
+ * The KeyChain class provides an interface to manage entities related to packet signing,
+ * such as Identity, Key, and Certificates.  It consists of two parts: a private key module
+ * (TPM) and a public key information base (PIB).  Managing signing key and its related
+ * entities through KeyChain interface guarantees the consistency between TPM and PIB.
+ */
+class KeyChain : noncopyable
+{
+public:
+  class Error : public std::runtime_error
+  {
+  public:
+    using std::runtime_error::runtime_error;
+  };
+
+  /**
+   * @brief Error indicating that the supplied TPM locator does not match the locator stored in PIB.
+   */
+  class LocatorMismatchError : public Error
+  {
+  public:
+    using Error::Error;
+  };
+
+  /**
+   * @brief Error indicating that the supplied SigningInfo is invalid.
+   */
+  class InvalidSigningInfoError : public Error
+  {
+  public:
+    using Error::Error;
+  };
+
+  /**
+   * @brief Constructor to create KeyChain with default PIB and TPM.
+   *
+   * Default PIB and TPM are platform-dependent and can be overriden system-wide or
+   * individually for the user.
+   *
+   * @sa manpage ndn-client.conf
+   *
+   * @todo Add detailed description about config file behavior here
+   */
+  KeyChain();
+
+  /**
+   * @brief KeyChain constructor
+   *
+   * @sa manpage ndn-client.conf
+   *
+   * @param pibLocator PIB locator, e.g., `pib-sqlite3:/example/dir`
+   * @param tpmLocator TPM locator, e.g., `tpm-memory:`
+   * @param allowReset if true, the PIB will be reset when the supplied @p tpmLocator
+   *                   does not match the one in the PIB
+   */
+  KeyChain(const std::string& pibLocator, const std::string& tpmLocator, bool allowReset = false);
+
+  ~KeyChain();
+
+  const Pib&
+  getPib() const
+  {
+    return *m_pib;
+  }
+
+  const Tpm&
+  getTpm() const
+  {
+    return *m_tpm;
+  }
+
+public: // Identity management
+  /**
+   * @brief Create an identity @p identityName.
+   *
+   * This method will check if the identity exists in PIB and whether the identity has a
+   * default key and default certificate.  If the identity does not exist, this method will
+   * create the identity in PIB.  If the identity's default key does not exist, this method
+   * will create a key pair and set it as the identity's default key.  If the key's default
+   * certificate is missing, this method will create a self-signed certificate for the key.
+   *
+   * If @p identityName did not exist and no default identity was selected before, the created
+   * identity will be set as the default identity
+   *
+   * @param identityName The name of the identity.
+   * @param params The key parameters if a key needs to be created for the identity (default:
+   *               EC key with random key id)
+   * @return The created Identity instance.
+   */
+  Identity
+  createIdentity(const Name& identityName, const KeyParams& params = getDefaultKeyParams());
+
+  /**
+   * @brief delete @p identity.
+   *
+   * @pre @p identity must be valid.
+   * @post @p identity becomes invalid.
+   */
+  void
+  deleteIdentity(const Identity& identity);
+
+  /**
+   * @brief Set @p identity as the default identity.
+   * @pre @p identity must be valid.
+   */
+  void
+  setDefaultIdentity(const Identity& identity);
+
+public: // Key management
+  /**
+   * @brief Create a new key for @p identity.
+   *
+   * @param identity Reference to a valid Identity object
+   * @param params Key creation parameters (default: EC key with random key id)
+   * @pre @p identity must be valid.
+   *
+   * If @p identity had no default key selected, the created key will be set as the default for
+   * this identity.
+   *
+   * This method will also create a self-signed certificate for the created key.
+   */
+  Key
+  createKey(const Identity& identity, const KeyParams& params = getDefaultKeyParams());
+
+   /**
+   * @brief Create a new HMAC key.
+   *
+   * @param prefix Prefix used to construct the key name (default: `/localhost/identity/hmac`);
+   *               the full key name will include additional components according to @p params
+   * @param params Key creation parameters
+   * @return A name that can be subsequently used to reference the created key.
+   *
+   * The newly created key will be inserted in the TPM. HMAC keys don't have any PIB entries.
+   */
+  Name
+  createHmacKey(const Name& prefix = SigningInfo::getHmacIdentity(),
+                const HmacKeyParams& params = HmacKeyParams());
+
+  /**
+   * @brief Delete a key @p key of @p identity.
+   *
+   * @pre @p identity must be valid.
+   * @pre @p key must be valid.
+   * @post @p key becomes invalid.
+   * @throw std::invalid_argument @p key does not belong to @p identity
+   */
+  void
+  deleteKey(const Identity& identity, const Key& key);
+
+  /**
+   * @brief Set @p key as the default key of @p identity.
+   *
+   * @pre @p identity must be valid.
+   * @pre @p key must be valid.
+   * @throw std::invalid_argument @p key does not belong to @p identity
+   */
+  void
+  setDefaultKey(const Identity& identity, const Key& key);
+
+public: // Certificate management
+  /**
+   * @brief Add a certificate @p certificate for @p key
+   *
+   * If @p key had no default certificate selected, the added certificate will be set as the
+   * default certificate for this key.
+   *
+   * @note This method overwrites certificate with the same name, without considering the
+   *       implicit digest.
+   *
+   * @pre @p key must be valid.
+   * @throw std::invalid_argument @p key does not match @p certificate
+   */
+  void
+  addCertificate(const Key& key, const Certificate& certificate);
+
+  /**
+   * @brief delete a certificate with name @p certificateName of @p key.
+   *
+   * If the certificate @p certificateName does not exist, this method has no effect.
+   *
+   * @pre @p key must be valid.
+   * @throw std::invalid_argument @p certificateName does not follow certificate naming convention.
+   */
+  void
+  deleteCertificate(const Key& key, const Name& certificateName);
+
+  /**
+   * @brief Set @p cert as the default certificate of @p key.
+   *
+   * The certificate @p cert will be added to the @p key, potentially overriding existing
+   * certificate if it has the same name (without considering implicit digest).
+   *
+   * @pre @p key must be valid.
+   * @throw std::invalid_argument @p key does not match @p certificate
+   */
+  void
+  setDefaultCertificate(const Key& key, const Certificate& certificate);
+
+public: // signing
+  /**
+   * @brief Sign a Data packet according to the supplied signing information
+   *
+   * This method uses the supplied signing information in @p params to sign @p data as follows:
+   * - It selects a private key and its associated certificate to sign the packet.
+   * - It generates a KeyLocator based upon the certificate name.
+   * - Using the SignatureInfo in @p params as a base, it generates the final SignatureInfo block
+   *   for @p data.
+   * - It adds the generated SignatureInfo block to @p data.
+   * - It generates a signature for @p data and adds it as the SignatureValue block of @p data.
+   *
+   * @param data The data to sign
+   * @param params The signing parameters
+   * @throw Error Signing failed
+   * @throw InvalidSigningInfoError Invalid @p params was specified or the specified identity, key,
+   *                                or certificate does not exist
+   * @see SigningInfo
+   * @see SignatureInfo
+   */
+  void
+  sign(Data& data, const SigningInfo& params = SigningInfo());
+
+  /**
+   * @brief Sign an Interest according to the supplied signing information
+   *
+   * This method uses the supplied signing information in @p params to sign @p interest as follows:
+   * - It selects a private key and its associated certificate to sign the packet.
+   * - It generates a KeyLocator based upon the certificate name.
+   * - Using the SignatureInfo in @p params as a base, it generates the final SignatureInfo block
+   *   for @p interest.
+   * - It appends the generated SignatureInfo block to the end of the Name of @p interest.
+   * - It generates a signature for @p interest and appends it to the end of the Name of
+   *   @p interest as a SignatureValue block.
+   *
+   * @param interest The interest to sign
+   * @param params The signing parameters
+   * @throw Error Signing failed
+   * @throw InvalidSigningInfoError Invalid @p params was specified or the specified identity, key,
+   *                                or certificate does not exist
+   * @see SigningInfo
+   * @see SignatureInfo
+   * @see docs/specs/signed-interest.rst
+   */
+  void
+  sign(Interest& interest, const SigningInfo& params = SigningInfo());
+
+  /**
+   * @brief Sign buffer according to the supplied signing information @p params
+   * @deprecated Sign Interests and Data directly
+   *
+   * If @p params refers to an identity, the method selects the default key of the identity.
+   * If @p params refers to a key or certificate, the method select the corresponding key.
+   *
+   * @param buffer The buffer to sign
+   * @param bufferLength The buffer size
+   * @param params The signing parameters
+   * @return SignatureValue TLV block
+   * @throw Error Signing failed
+   * @see SigningInfo
+   * @see SignatureInfo
+   */
+  [[deprecated("sign Interests and Data directly")]]
+  Block
+  sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params = SigningInfo());
+
+public: // export & import
+  /**
+   * @brief Export a certificate and its corresponding private key.
+   *
+   * @param certificate The certificate to export.
+   * @param pw The password to secure the private key.
+   * @param pwLen The length of password.
+   * @return A SafeBag carrying the certificate and encrypted private key.
+   * @throw Error the certificate or private key does not exist
+   */
+  shared_ptr<SafeBag>
+  exportSafeBag(const Certificate& certificate, const char* pw, size_t pwLen);
+
+  /**
+   * @brief Import a certificate and its corresponding private key from a SafeBag.
+   *
+   * If the certificate and key are imported properly, the default setting will be updated as if
+   * a new key and certificate is added into KeyChain.
+   *
+   * @param safeBag The encoded data to import.
+   * @param pw The password to secure the private key.
+   * @param pwLen The length of password.
+   * @throw Error any of following conditions:
+   *              - the safebag cannot be decoded or its content does not match;
+   *              - private key cannot be imported;
+   *              - a private/public key of the same name already exists;
+   *              - a certificate of the same name already exists.
+   */
+  void
+  importSafeBag(const SafeBag& safeBag, const char* pw, size_t pwLen);
+
+  /**
+   * @brief Import a private key into the TPM.
+   */
+  void
+  importPrivateKey(const Name& keyName, shared_ptr<transform::PrivateKey> key);
+
+NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+  /**
+   * @brief Derive SignatureTypeValue according to key type and digest algorithm.
+   */
+  static tlv::SignatureTypeValue
+  getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);
+
+public: // PIB & TPM backend registry
+  /**
+   * @brief Register a new PIB backend
+   * @param scheme Name for the registered PIB backend scheme
+   *
+   * @note This interface is implementation detail and may change without notice.
+   */
+  template<class PibBackendType>
+  static void
+  registerPibBackend(const std::string& scheme);
+
+  /**
+   * @brief Register a new TPM backend
+   * @param scheme Name for the registered TPM backend scheme
+   *
+   * @note This interface is implementation detail and may change without notice.
+   */
+  template<class TpmBackendType>
+  static void
+  registerTpmBackend(const std::string& scheme);
+
+private:
+  typedef std::map<std::string, function<std::shared_ptr<pib::PibImpl>(const std::string& location)>> PibFactories;
+  typedef std::map<std::string, function<unique_ptr<tpm::BackEnd>(const std::string& location)>> TpmFactories;
+
+  static PibFactories&
+  getPibFactories();
+
+  static TpmFactories&
+  getTpmFactories();
+
+  static std::tuple<std::string/*type*/, std::string/*location*/>
+  parseAndCheckPibLocator(const std::string& pibLocator);
+
+  static std::tuple<std::string/*type*/, std::string/*location*/>
+  parseAndCheckTpmLocator(const std::string& tpmLocator);
+
+  static const std::string&
+  getDefaultPibScheme();
+
+  static const std::string&
+  getDefaultTpmScheme();
+
+  /**
+    * @brief Create a PIB according to @p pibLocator
+    */
+  static unique_ptr<Pib>
+  createPib(const std::string& pibLocator);
+
+  /**
+   * @brief Create a TPM according to @p tpmLocator
+   */
+  static unique_ptr<Tpm>
+  createTpm(const std::string& tpmLocator);
+
+NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+  static const std::string&
+  getDefaultPibLocator();
+
+  static const std::string&
+  getDefaultTpmLocator();
+
+private: // signing
+  /**
+   * @brief Generate a self-signed certificate for a public key.
+   *
+   * The self-signed certificate will also be added to the PIB.
+   */
+  Certificate
+  selfSign(Key& key);
+
+  /**
+   * @brief Prepare a SignatureInfo TLV according to signing information and return the signing
+   *        key name.
+   *
+   * @param params The signing parameters
+   * @return The signing key name and prepared SignatureInfo
+   * @throw InvalidSigningInfoError The requested signing method cannot be satisfied
+   */
+  std::tuple<Name, SignatureInfo>
+  prepareSignatureInfo(const SigningInfo& params);
+
+  /**
+   * @brief Generate a SignatureValue block for a buffer @p buf of size @p size using
+   *        a key with name @p keyName and digest algorithm @p digestAlgorithm.
+   */
+  Block
+  sign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;
+
+public:
+  /**
+   * @deprecated Use default constructor for SigningInfo
+   */
+  [[deprecated("use default constructor for SigningInfo")]]
+  static const SigningInfo&
+  getDefaultSigningInfo();
+
+  static const KeyParams&
+  getDefaultKeyParams();
+
+private:
+  std::unique_ptr<Pib> m_pib;
+  std::unique_ptr<Tpm> m_tpm;
+
+  static std::string s_defaultPibLocator;
+  static std::string s_defaultTpmLocator;
+};
+
+template<class PibType>
+inline void
+KeyChain::registerPibBackend(const std::string& scheme)
+{
+  getPibFactories().emplace(scheme, [] (const std::string& locator) {
+      return std::shared_ptr<pib::PibImpl>(new PibType(locator));
+    });
+}
+
+template<class TpmType>
+inline void
+KeyChain::registerTpmBackend(const std::string& scheme)
+{
+  getTpmFactories().emplace(scheme, [] (const std::string& locator) {
+      return unique_ptr<tpm::BackEnd>(new TpmType(locator));
+    });
+}
+
+/**
+ * @brief Register Pib backend class in KeyChain
+ *
+ * This macro should be placed once in the implementation file of the
+ * Pib backend class within the namespace where the type is declared.
+ *
+ * @note This interface is implementation detail and may change without notice.
+ */
+#define NDN_CXX_KEYCHAIN_REGISTER_PIB_BACKEND(PibType)     \
+static class NdnCxxAuto ## PibType ## PibRegistrationClass    \
+{                                                             \
+public:                                                       \
+  NdnCxxAuto ## PibType ## PibRegistrationClass()             \
+  {                                                           \
+    ::ndn::security::v2::KeyChain::registerPibBackend<PibType>(PibType::getScheme()); \
+  }                                                           \
+} ndnCxxAuto ## PibType ## PibRegistrationVariable
+
+/**
+ * @brief Register Tpm backend class in KeyChain
+ *
+ * This macro should be placed once in the implementation file of the
+ * Tpm backend class within the namespace where the type is declared.
+ *
+ * @note This interface is implementation detail and may change without notice.
+ */
+#define NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(TpmType)     \
+static class NdnCxxAuto ## TpmType ## TpmRegistrationClass    \
+{                                                             \
+public:                                                       \
+  NdnCxxAuto ## TpmType ## TpmRegistrationClass()             \
+  {                                                           \
+    ::ndn::security::v2::KeyChain::registerTpmBackend<TpmType>(TpmType::getScheme()); \
+  }                                                           \
+} ndnCxxAuto ## TpmType ## TpmRegistrationVariable
+
+} // inline namespace v2
+} // namespace security
+
+using security::v2::KeyChain;
+
+} // namespace ndn
+
+#endif // NDN_SECURITY_KEY_CHAIN_HPP
diff --git a/ndn-cxx/security/pib/certificate-container.hpp b/ndn-cxx/security/pib/certificate-container.hpp
index 2ab7292..1f7e753 100644
--- a/ndn-cxx/security/pib/certificate-container.hpp
+++ b/ndn-cxx/security/pib/certificate-container.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,7 +22,7 @@
 #ifndef NDN_SECURITY_PIB_CERTIFICATE_CONTAINER_HPP
 #define NDN_SECURITY_PIB_CERTIFICATE_CONTAINER_HPP
 
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
 
 #include <iterator>
 #include <set>
@@ -51,7 +51,7 @@
   {
   public:
     using iterator_category = std::forward_iterator_tag;
-    using value_type        = const v2::Certificate;
+    using value_type        = const Certificate;
     using difference_type   = std::ptrdiff_t;
     using pointer           = value_type*;
     using reference         = value_type&;
diff --git a/ndn-cxx/security/pib/key.cpp b/ndn-cxx/security/pib/key.cpp
index 293effa..5eb011d 100644
--- a/ndn-cxx/security/pib/key.cpp
+++ b/ndn-cxx/security/pib/key.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -21,7 +21,7 @@
 
 #include "ndn-cxx/security/pib/key.hpp"
 #include "ndn-cxx/security/pib/impl/key-impl.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
 
 namespace ndn {
 namespace security {
@@ -137,7 +137,7 @@
 
 } // namespace pib
 
-namespace v2 {
+inline namespace v2 {
 
 Name
 constructKeyName(const Name& identity, const name::Component& keyId)
@@ -167,6 +167,6 @@
   return keyName.getPrefix(-Certificate::MIN_KEY_NAME_LENGTH); // trim everything after and including "KEY"
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/pib/key.hpp b/ndn-cxx/security/pib/key.hpp
index 5848283..6c129bd 100644
--- a/ndn-cxx/security/pib/key.hpp
+++ b/ndn-cxx/security/pib/key.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,9 +28,9 @@
 namespace ndn {
 namespace security {
 
-namespace v2 {
+inline namespace v2 {
 class KeyChain;
-} // namespace v2
+} // inline namespace v2
 
 namespace pib {
 
@@ -195,7 +195,7 @@
 
 using pib::Key;
 
-namespace v2 {
+inline namespace v2 {
 
 /**
  * @brief Construct key name based on the appropriate naming conventions
@@ -215,7 +215,7 @@
 Name
 extractIdentityFromKeyName(const Name& keyName);
 
-} // namespace v2
+} // inline namespace v2
 
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/pib/pib-impl.hpp b/ndn-cxx/security/pib/pib-impl.hpp
index 7d39ad4..3b29ce5 100644
--- a/ndn-cxx/security/pib/pib-impl.hpp
+++ b/ndn-cxx/security/pib/pib-impl.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,7 +23,7 @@
 #define NDN_SECURITY_PIB_PIB_IMPL_HPP
 
 #include "ndn-cxx/security/pib/pib.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
 
 #include <set>
 
diff --git a/ndn-cxx/security/tpm/tpm.hpp b/ndn-cxx/security/tpm/tpm.hpp
index 123d9ec..4a6a8ac 100644
--- a/ndn-cxx/security/tpm/tpm.hpp
+++ b/ndn-cxx/security/tpm/tpm.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -36,9 +36,9 @@
 class PrivateKey;
 } // namespace transform
 
-namespace v2 {
+inline namespace v2 {
 class KeyChain;
-} // namespace v2
+} // inline namespace v2
 
 namespace tpm {
 
diff --git a/ndn-cxx/security/v2/trust-anchor-container.cpp b/ndn-cxx/security/trust-anchor-container.cpp
similarity index 97%
rename from ndn-cxx/security/v2/trust-anchor-container.cpp
rename to ndn-cxx/security/trust-anchor-container.cpp
index 7cf5b23..cc5e168 100644
--- a/ndn-cxx/security/v2/trust-anchor-container.cpp
+++ b/ndn-cxx/security/trust-anchor-container.cpp
@@ -19,13 +19,13 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/trust-anchor-container.hpp"
+#include "ndn-cxx/security/trust-anchor-container.hpp"
 
 #include <boost/filesystem.hpp>
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 void
 TrustAnchorContainer::AnchorContainer::add(Certificate&& cert)
@@ -130,6 +130,6 @@
   }
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/v2/trust-anchor-container.hpp b/ndn-cxx/security/trust-anchor-container.hpp
similarity index 93%
rename from ndn-cxx/security/v2/trust-anchor-container.hpp
rename to ndn-cxx/security/trust-anchor-container.hpp
index e69a74f..d5dcc13 100644
--- a/ndn-cxx/security/v2/trust-anchor-container.hpp
+++ b/ndn-cxx/security/trust-anchor-container.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,12 +19,12 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_TRUST_ANCHOR_CONTAINER_HPP
-#define NDN_SECURITY_V2_TRUST_ANCHOR_CONTAINER_HPP
+#ifndef NDN_SECURITY_TRUST_ANCHOR_CONTAINER_HPP
+#define NDN_SECURITY_TRUST_ANCHOR_CONTAINER_HPP
 
 #include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
-#include "ndn-cxx/security/v2/trust-anchor-group.hpp"
+#include "ndn-cxx/security/certificate.hpp"
+#include "ndn-cxx/security/trust-anchor-group.hpp"
 
 #include <boost/multi_index_container.hpp>
 #include <boost/multi_index/hashed_index.hpp>
@@ -33,7 +33,7 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 /**
  * @brief represents a container for trust anchors.
@@ -173,8 +173,8 @@
   AnchorContainer m_anchors;
 };
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_TRUST_ANCHOR_CONTAINER_HPP
+#endif // NDN_SECURITY_TRUST_ANCHOR_CONTAINER_HPP
diff --git a/ndn-cxx/security/v2/trust-anchor-group.cpp b/ndn-cxx/security/trust-anchor-group.cpp
similarity index 94%
rename from ndn-cxx/security/v2/trust-anchor-group.cpp
rename to ndn-cxx/security/trust-anchor-group.cpp
index 1c27a41..2b1a25e 100644
--- a/ndn-cxx/security/v2/trust-anchor-group.cpp
+++ b/ndn-cxx/security/trust-anchor-group.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,7 +19,7 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/trust-anchor-group.hpp"
+#include "ndn-cxx/security/trust-anchor-group.hpp"
 #include "ndn-cxx/util/io.hpp"
 #include "ndn-cxx/util/logger.hpp"
 
@@ -30,9 +30,9 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
-NDN_LOG_INIT(ndn.security.v2.TrustAnchorGroup);
+NDN_LOG_INIT(ndn.security.TrustAnchorGroup);
 
 namespace fs = boost::filesystem;
 
@@ -140,6 +140,6 @@
   }
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/v2/trust-anchor-group.hpp b/ndn-cxx/security/trust-anchor-group.hpp
similarity index 93%
rename from ndn-cxx/security/v2/trust-anchor-group.hpp
rename to ndn-cxx/security/trust-anchor-group.hpp
index 2afe3f5..3ea11a8 100644
--- a/ndn-cxx/security/v2/trust-anchor-group.hpp
+++ b/ndn-cxx/security/trust-anchor-group.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,18 +19,18 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_TRUST_ANCHOR_GROUP_HPP
-#define NDN_SECURITY_V2_TRUST_ANCHOR_GROUP_HPP
+#ifndef NDN_SECURITY_TRUST_ANCHOR_GROUP_HPP
+#define NDN_SECURITY_TRUST_ANCHOR_GROUP_HPP
 
 #include "ndn-cxx/data.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
 
 #include <boost/filesystem/path.hpp>
 #include <set>
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 class CertContainerInterface
 {
@@ -163,8 +163,8 @@
   time::steady_clock::TimePoint m_expireTime;
 };
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_TRUST_ANCHOR_GROUP_HPP
+#endif // NDN_SECURITY_TRUST_ANCHOR_GROUP_HPP
diff --git a/ndn-cxx/security/v2/additional-description.hpp b/ndn-cxx/security/v2/additional-description.hpp
index 5057ed5..c9d2701 100644
--- a/ndn-cxx/security/v2/additional-description.hpp
+++ b/ndn-cxx/security/v2/additional-description.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,129 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
-#define NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
+#ifndef NDN_CXX_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
+#define NDN_CXX_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
 
-#include "ndn-cxx/detail/common.hpp"
-#include "ndn-cxx/encoding/block.hpp"
-#include "ndn-cxx/encoding/tlv.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/additional-description.hpp> instead
 
-#include <map>
+#include "ndn-cxx/security/additional-description.hpp"
 
-namespace ndn {
-namespace security {
-namespace v2 {
-
-/**
- * @brief Abstraction of AdditionalDescription
- * @sa docs/specs/certificate-format.rst
- */
-class AdditionalDescription
-{
-public:
-  class Error : public tlv::Error
-  {
-  public:
-    using tlv::Error::Error;
-  };
-
-  typedef std::map<std::string, std::string>::iterator iterator;
-  typedef std::map<std::string, std::string>::const_iterator const_iterator;
-
-public:
-  /**
-   * @brief Create an empty AdditionalDescription
-   */
-  AdditionalDescription() = default;
-
-  /**
-   * @brief Create AdditionalDescription from @p block
-   */
-  explicit
-  AdditionalDescription(const Block& block);
-
-  const std::string&
-  get(const std::string& key) const;
-
-  void
-  set(const std::string& key, const std::string& value);
-
-  bool
-  has(const std::string& key) const;
-
-  size_t
-  size() const
-  {
-    return m_info.size();
-  }
-
-  bool
-  empty() const
-  {
-    return m_info.empty();
-  }
-
-  iterator
-  begin();
-
-  iterator
-  end();
-
-  const_iterator
-  begin() const;
-
-  const_iterator
-  end() const;
-
-  /** @brief Fast encoding or block size estimation
-   */
-  template<encoding::Tag TAG>
-  size_t
-  wireEncode(EncodingImpl<TAG>& encoder) const;
-
-  /** @brief Encode ValidityPeriod into TLV block
-   */
-  const Block&
-  wireEncode() const;
-
-  /** @brief Decode ValidityPeriod from TLV block
-   *  @throw Error when an invalid TLV block supplied
-   */
-  void
-  wireDecode(const Block& wire);
-
-private: // EqualityComparable concept
-  // NOTE: the following "hidden friend" operators are available via
-  //       argument-dependent lookup only and must be defined inline.
-
-  friend bool
-  operator==(const AdditionalDescription& lhs, const AdditionalDescription& rhs)
-  {
-    return lhs.m_info == rhs.m_info;
-  }
-
-  friend bool
-  operator!=(const AdditionalDescription& lhs, const AdditionalDescription& rhs)
-  {
-    return lhs.m_info != rhs.m_info;
-  }
-
-private:
-  std::map<std::string, std::string> m_info;
-
-  mutable Block m_wire;
-};
-
-NDN_CXX_DECLARE_WIRE_ENCODE_INSTANTIATIONS(AdditionalDescription);
-
-std::ostream&
-operator<<(std::ostream& os, const AdditionalDescription& desc);
-
-} // namespace v2
-
-using v2::AdditionalDescription;
-
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
+#endif // NDN_CXX_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp b/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp
index 0a5c480..2f2262e 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp
+++ b/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,47 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+#ifndef NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+#define NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
 
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/certificate-fetcher-direct-fetch.hpp> instead
 
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/certificate-fetcher-direct-fetch.hpp"
 
-/**
- * @brief Extends CertificateFetcherFromNetwork to fetch certificates from the incoming face of
- *   the packet
- *
- * During Interest and Data validation, if IncomingFaceId tag is present on the original Interest,
- * this fetcher will send a "direct Interest" to fetch certificates from the face where the original
- * packet was received, in addition to fetching from the infrastructure. The application must
- * enable NextHopFaceId privilege on the face used by this fetcher prior to the validation.
- */
-class CertificateFetcherDirectFetch : public CertificateFetcherFromNetwork
-{
-public:
-  explicit
-  CertificateFetcherDirectFetch(Face& face);
-
-  /**
-   * If \p wantDirectInterestOnly, only the direct Interest will be sent out.
-   */
-  void
-  setSendDirectInterestOnly(bool wantDirectInterestOnly);
-
-protected:
-  void
-  doFetch(const shared_ptr<CertificateRequest>& keyRequest, const shared_ptr<ValidationState>& state,
-          const ValidationContinuation& continueValidation) override;
-
-private:
-  bool m_wantDirectInterestOnly = false;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+#endif // NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher-from-network.hpp b/ndn-cxx/security/v2/certificate-fetcher-from-network.hpp
index 81bbee5..03bccdf 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-from-network.hpp
+++ b/ndn-cxx/security/v2/certificate-fetcher-from-network.hpp
@@ -19,72 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
+#ifndef NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
+#define NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
 
-#include "ndn-cxx/security/v2/certificate-fetcher.hpp"
-#include "ndn-cxx/util/scheduler.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/certificate-fetcher-from-network.hpp> instead
 
-namespace ndn {
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
 
-class Data;
-class Face;
-
-namespace lp {
-class Nack;
-} // namespace lp
-
-namespace security {
-namespace v2 {
-
-/**
- * @brief Fetch missing keys from the network
- */
-class CertificateFetcherFromNetwork : public CertificateFetcher
-{
-public:
-  explicit
-  CertificateFetcherFromNetwork(Face& face);
-
-protected:
-  void
-  doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
-          const ValidationContinuation& continueValidation) override;
-
-  /**
-   * @brief Callback invoked when certificate is retrieved.
-   */
-  void
-  dataCallback(const Data& data,
-               const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
-               const ValidationContinuation& continueValidation);
-
-  /**
-   * @brief Callback invoked when interest for fetching certificate gets NACKed.
-   *
-   * Retries with exponential backoff while `certRequest->nRetriesLeft > 0`
-   */
-  void
-  nackCallback(const lp::Nack& nack,
-               const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
-               const ValidationContinuation& continueValidation);
-
-  /**
-   * @brief Callback invoked when interest for fetching certificate times out.
-   *
-   * It will retry if `certRequest->nRetriesLeft > 0`
-   */
-  void
-  timeoutCallback(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
-                  const ValidationContinuation& continueValidation);
-
-protected:
-  Face& m_face;
-  Scheduler m_scheduler;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
+#endif // NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher-offline.hpp b/ndn-cxx/security/v2/certificate-fetcher-offline.hpp
index 2cb7386..bd745a2 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-offline.hpp
+++ b/ndn-cxx/security/v2/certificate-fetcher-offline.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,28 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
+#ifndef NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
+#define NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
 
-#include "ndn-cxx/security/v2/certificate-fetcher.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/certificate-fetcher-offline.hpp> instead
 
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
 
-/**
- * @brief Certificate fetcher realization that does not fetch keys (always offline)
- */
-class CertificateFetcherOffline : public CertificateFetcher
-{
-protected:
-  void
-  doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
-          const ValidationContinuation& continueValidation) override;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
+#endif // NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher.hpp b/ndn-cxx/security/v2/certificate-fetcher.hpp
index fcf6b87..327d767 100644
--- a/ndn-cxx/security/v2/certificate-fetcher.hpp
+++ b/ndn-cxx/security/v2/certificate-fetcher.hpp
@@ -19,73 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_CERTIFICATE_FETCHER_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_FETCHER_HPP
+#ifndef NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_HPP
+#define NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_HPP
 
-#include "ndn-cxx/detail/common.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/certificate-fetcher.hpp> instead
 
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/certificate-fetcher.hpp"
 
-class Certificate;
-class CertificateRequest;
-class CertificateStorage;
-class ValidationState;
-
-/**
- * @brief Interface used by the validator to fetch missing certificates
- */
-class CertificateFetcher : noncopyable
-{
-public:
-  using ValidationContinuation = std::function<void(const Certificate& cert,
-                                                    const shared_ptr<ValidationState>& state)>;
-
-  CertificateFetcher();
-
-  virtual
-  ~CertificateFetcher();
-
-  /**
-   * @brief Assign certificate storage to check known certificate and to cache unverified ones
-   * @note The supplied @p certStorage should be valid for the lifetime of CertificateFetcher
-   */
-  virtual void
-  setCertificateStorage(CertificateStorage& certStorage);
-
-  /**
-   * @brief Asynchronously fetch certificate
-   * @pre m_certStorage != nullptr
-   *
-   * If the requested certificate exists in the storage, then this method will immediately call
-   * continueValidation with the certification.  If certificate is not available, the
-   * implementation-specific doFetch will be called to asynchronously fetch certificate.  The
-   * successfully retrieved certificate will be automatically added to the unverified cache of
-   * the certificate storage.
-   *
-   * When the requested certificate is retrieved, continueValidation is called.  Otherwise, the
-   * fetcher implementation call state->failed() with the appropriate error code and diagnostic
-   * message.
-   */
-  void
-  fetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
-        const ValidationContinuation& continueValidation);
-
-private:
-  /**
-   * @brief Asynchronous certificate fetching implementation
-   */
-  virtual void
-  doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
-          const ValidationContinuation& continueValidation) = 0;
-
-protected:
-  CertificateStorage* m_certStorage;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_CERTIFICATE_FETCHER_HPP
+#endif // NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_HPP
diff --git a/ndn-cxx/security/v2/certificate.hpp b/ndn-cxx/security/v2/certificate.hpp
index 8d939b2..7dde933 100644
--- a/ndn-cxx/security/v2/certificate.hpp
+++ b/ndn-cxx/security/v2/certificate.hpp
@@ -17,178 +17,13 @@
  * <http://www.gnu.org/licenses/>.
  *
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
  */
 
-#ifndef NDN_SECURITY_V2_CERTIFICATE_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_HPP
+#ifndef NDN_CXX_SECURITY_V2_CERTIFICATE_HPP
+#define NDN_CXX_SECURITY_V2_CERTIFICATE_HPP
 
-#include "ndn-cxx/data.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/certificate.hpp> instead
 
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/certificate.hpp"
 
-/**
- * @brief The certificate following the certificate format naming convention
- *
- * Overview of NDN certificate format:
- *
- *     CertificateV2 ::= DATA-TLV TLV-LENGTH
- *                         Name      (= /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version])
- *                         MetaInfo  (.ContentType = KEY)
- *                         Content   (= X509PublicKeyContent)
- *                         SignatureInfo (= CertificateV2SignatureInfo)
- *                         SignatureValue
- *
- *     X509PublicKeyContent ::= CONTENT-TLV TLV-LENGTH
- *                                BYTE+ (= public key bits in PKCS#8 format)
- *
- *     CertificateV2SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
- *                                      SignatureType
- *                                      KeyLocator
- *                                      ValidityPeriod
- *                                      ... optional critical or non-critical extension blocks ...
- *
- * An example of NDN certificate name:
- *
- *     /edu/ucla/cs/yingdi/KEY/%03%CD...%F1/%9F%D3...%B7/%FD%d2...%8E
- *     \_________________/    \___________/ \___________/\___________/
- *    Certificate Namespace      Key Id       Issuer Id     Version
- *         (Identity)
- *     \__________________________________/
- *                   Key Name
- *
- * Notes:
- *
- * - `Key Id` is opaque name component to identify an instance of the public key for the
- *   certificate namespace.  The value of `Key ID` is controlled by the namespace owner.  The
- *   library includes helpers for generation of key IDs using 8-byte random number, SHA-256
- *   digest of the public key, timestamp, and the specified numerical identifiers.
- *
- * - `Issuer Id` is opaque name component to identify issuer of the certificate.  The value is
- *   controlled by the issuer.  The library includes helpers to set issuer ID to a 8-byte
- *   random number, SHA-256 digest of the issuer's public key, and the specified numerical
- *   identifiers.
- *
- * - `Key Name` is a logical name of the key used for management pursposes. Key Name includes
- *   the certificate namespace, keyword `KEY`, and `KeyId` components.
- *
- * @see doc/specs/certificate-format.rst
- */
-class Certificate : public Data
-{
-public:
-  Certificate();
-
-  /**
-   * @brief Construct certificate from a data object
-   * @throw tlv::Error if data does not follow certificate format
-   */
-  explicit
-  Certificate(Data&& data);
-
-  /**
-   * @brief Construct certificate from a data object
-   * @throw tlv::Error if data does not follow certificate format
-   */
-  explicit
-  Certificate(const Data& data);
-
-  /**
-   * @brief Construct certificate from a wire encoding
-   * @throw tlv::Error if wire encoding is invalid or does not follow certificate format
-   */
-  explicit
-  Certificate(const Block& block);
-
-  /**
-   * @brief Get key name
-   */
-  Name
-  getKeyName() const;
-
-  /**
-   * @brief Get identity name
-   */
-  Name
-  getIdentity() const;
-
-  /**
-   * @brief Get key ID
-   */
-  name::Component
-  getKeyId() const;
-
-  /**
-   * @brief Get issuer ID
-   */
-  name::Component
-  getIssuerId() const;
-
-  /**
-   * @brief Get public key bits (in PKCS#8 format)
-   * @throw Error If content is empty
-   */
-  Buffer
-  getPublicKey() const;
-
-  /**
-   * @brief Get validity period of the certificate
-   */
-  ValidityPeriod
-  getValidityPeriod() const;
-
-  /**
-   * @brief Check if the certificate is valid at @p ts.
-   */
-  bool
-  isValid(const time::system_clock::TimePoint& ts = time::system_clock::now()) const;
-
-  /**
-   * @brief Get extension with TLV @p type
-   * @throw Error The specified block type does not exist
-   */
-  Block
-  getExtension(uint32_t type) const;
-
-  // @TODO Implement extension enumeration (Issue #3907)
-public:
-  /**
-   * @brief Check if the specified name follows the naming convention for the certificate
-   */
-  static bool
-  isValidName(const Name& certName);
-
-public:
-  static const ssize_t VERSION_OFFSET;
-  static const ssize_t ISSUER_ID_OFFSET;
-  static const ssize_t KEY_COMPONENT_OFFSET;
-  static const ssize_t KEY_ID_OFFSET;
-  static const size_t MIN_CERT_NAME_LENGTH;
-  static const size_t MIN_KEY_NAME_LENGTH;
-  static const name::Component KEY_COMPONENT;
-};
-
-std::ostream&
-operator<<(std::ostream& os, const Certificate& cert);
-
-/**
- * @brief Extract identity namespace from the certificate name @p certName
- */
-Name
-extractIdentityFromCertName(const Name& certName);
-
-/**
- * @brief Extract key name from the certificate name @p certName
- */
-Name
-extractKeyNameFromCertName(const Name& certName);
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_CERTIFICATE_HPP
+#endif // NDN_CXX_SECURITY_V2_CERTIFICATE_HPP
diff --git a/ndn-cxx/security/v2/key-chain.hpp b/ndn-cxx/security/v2/key-chain.hpp
index bbfd3ab..d5c26b7 100644
--- a/ndn-cxx/security/v2/key-chain.hpp
+++ b/ndn-cxx/security/v2/key-chain.hpp
@@ -19,502 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_KEY_CHAIN_HPP
-#define NDN_SECURITY_V2_KEY_CHAIN_HPP
+#ifndef NDN_CXX_SECURITY_V2_KEY_CHAIN_HPP
+#define NDN_CXX_SECURITY_V2_KEY_CHAIN_HPP
 
-#include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/key-params.hpp"
-#include "ndn-cxx/security/pib/pib.hpp"
-#include "ndn-cxx/security/safe-bag.hpp"
-#include "ndn-cxx/security/security-common.hpp"
-#include "ndn-cxx/security/signing-info.hpp"
-#include "ndn-cxx/security/tpm/tpm.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/key-chain.hpp> instead
 
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/key-chain.hpp"
 
-/**
- * @brief The interface of signing key management.
- *
- * The KeyChain class provides an interface to manage entities related to packet signing,
- * such as Identity, Key, and Certificates.  It consists of two parts: a private key module
- * (TPM) and a public key information base (PIB).  Managing signing key and its related
- * entities through KeyChain interface guarantees the consistency between TPM and PIB.
- */
-class KeyChain : noncopyable
-{
-public:
-  class Error : public std::runtime_error
-  {
-  public:
-    using std::runtime_error::runtime_error;
-  };
-
-  /**
-   * @brief Error indicating that the supplied TPM locator does not match the locator stored in PIB.
-   */
-  class LocatorMismatchError : public Error
-  {
-  public:
-    using Error::Error;
-  };
-
-  /**
-   * @brief Error indicating that the supplied SigningInfo is invalid.
-   */
-  class InvalidSigningInfoError : public Error
-  {
-  public:
-    using Error::Error;
-  };
-
-  /**
-   * @brief Constructor to create KeyChain with default PIB and TPM.
-   *
-   * Default PIB and TPM are platform-dependent and can be overriden system-wide or
-   * individually for the user.
-   *
-   * @sa manpage ndn-client.conf
-   *
-   * @todo Add detailed description about config file behavior here
-   */
-  KeyChain();
-
-  /**
-   * @brief KeyChain constructor
-   *
-   * @sa manpage ndn-client.conf
-   *
-   * @param pibLocator PIB locator, e.g., `pib-sqlite3:/example/dir`
-   * @param tpmLocator TPM locator, e.g., `tpm-memory:`
-   * @param allowReset if true, the PIB will be reset when the supplied @p tpmLocator
-   *                   does not match the one in the PIB
-   */
-  KeyChain(const std::string& pibLocator, const std::string& tpmLocator, bool allowReset = false);
-
-  ~KeyChain();
-
-  const Pib&
-  getPib() const
-  {
-    return *m_pib;
-  }
-
-  const Tpm&
-  getTpm() const
-  {
-    return *m_tpm;
-  }
-
-public: // Identity management
-  /**
-   * @brief Create an identity @p identityName.
-   *
-   * This method will check if the identity exists in PIB and whether the identity has a
-   * default key and default certificate.  If the identity does not exist, this method will
-   * create the identity in PIB.  If the identity's default key does not exist, this method
-   * will create a key pair and set it as the identity's default key.  If the key's default
-   * certificate is missing, this method will create a self-signed certificate for the key.
-   *
-   * If @p identityName did not exist and no default identity was selected before, the created
-   * identity will be set as the default identity
-   *
-   * @param identityName The name of the identity.
-   * @param params The key parameters if a key needs to be created for the identity (default:
-   *               EC key with random key id)
-   * @return The created Identity instance.
-   */
-  Identity
-  createIdentity(const Name& identityName, const KeyParams& params = getDefaultKeyParams());
-
-  /**
-   * @brief delete @p identity.
-   *
-   * @pre @p identity must be valid.
-   * @post @p identity becomes invalid.
-   */
-  void
-  deleteIdentity(const Identity& identity);
-
-  /**
-   * @brief Set @p identity as the default identity.
-   * @pre @p identity must be valid.
-   */
-  void
-  setDefaultIdentity(const Identity& identity);
-
-public: // Key management
-  /**
-   * @brief Create a new key for @p identity.
-   *
-   * @param identity Reference to a valid Identity object
-   * @param params Key creation parameters (default: EC key with random key id)
-   * @pre @p identity must be valid.
-   *
-   * If @p identity had no default key selected, the created key will be set as the default for
-   * this identity.
-   *
-   * This method will also create a self-signed certificate for the created key.
-   */
-  Key
-  createKey(const Identity& identity, const KeyParams& params = getDefaultKeyParams());
-
-   /**
-   * @brief Create a new HMAC key.
-   *
-   * @param prefix Prefix used to construct the key name (default: `/localhost/identity/hmac`);
-   *               the full key name will include additional components according to @p params
-   * @param params Key creation parameters
-   * @return A name that can be subsequently used to reference the created key.
-   *
-   * The newly created key will be inserted in the TPM. HMAC keys don't have any PIB entries.
-   */
-  Name
-  createHmacKey(const Name& prefix = SigningInfo::getHmacIdentity(),
-                const HmacKeyParams& params = HmacKeyParams());
-
-  /**
-   * @brief Delete a key @p key of @p identity.
-   *
-   * @pre @p identity must be valid.
-   * @pre @p key must be valid.
-   * @post @p key becomes invalid.
-   * @throw std::invalid_argument @p key does not belong to @p identity
-   */
-  void
-  deleteKey(const Identity& identity, const Key& key);
-
-  /**
-   * @brief Set @p key as the default key of @p identity.
-   *
-   * @pre @p identity must be valid.
-   * @pre @p key must be valid.
-   * @throw std::invalid_argument @p key does not belong to @p identity
-   */
-  void
-  setDefaultKey(const Identity& identity, const Key& key);
-
-public: // Certificate management
-  /**
-   * @brief Add a certificate @p certificate for @p key
-   *
-   * If @p key had no default certificate selected, the added certificate will be set as the
-   * default certificate for this key.
-   *
-   * @note This method overwrites certificate with the same name, without considering the
-   *       implicit digest.
-   *
-   * @pre @p key must be valid.
-   * @throw std::invalid_argument @p key does not match @p certificate
-   */
-  void
-  addCertificate(const Key& key, const Certificate& certificate);
-
-  /**
-   * @brief delete a certificate with name @p certificateName of @p key.
-   *
-   * If the certificate @p certificateName does not exist, this method has no effect.
-   *
-   * @pre @p key must be valid.
-   * @throw std::invalid_argument @p certificateName does not follow certificate naming convention.
-   */
-  void
-  deleteCertificate(const Key& key, const Name& certificateName);
-
-  /**
-   * @brief Set @p cert as the default certificate of @p key.
-   *
-   * The certificate @p cert will be added to the @p key, potentially overriding existing
-   * certificate if it has the same name (without considering implicit digest).
-   *
-   * @pre @p key must be valid.
-   * @throw std::invalid_argument @p key does not match @p certificate
-   */
-  void
-  setDefaultCertificate(const Key& key, const Certificate& certificate);
-
-public: // signing
-  /**
-   * @brief Sign a Data packet according to the supplied signing information
-   *
-   * This method uses the supplied signing information in @p params to sign @p data as follows:
-   * - It selects a private key and its associated certificate to sign the packet.
-   * - It generates a KeyLocator based upon the certificate name.
-   * - Using the SignatureInfo in @p params as a base, it generates the final SignatureInfo block
-   *   for @p data.
-   * - It adds the generated SignatureInfo block to @p data.
-   * - It generates a signature for @p data and adds it as the SignatureValue block of @p data.
-   *
-   * @param data The data to sign
-   * @param params The signing parameters
-   * @throw Error Signing failed
-   * @throw InvalidSigningInfoError Invalid @p params was specified or the specified identity, key,
-   *                                or certificate does not exist
-   * @see SigningInfo
-   * @see SignatureInfo
-   */
-  void
-  sign(Data& data, const SigningInfo& params = SigningInfo());
-
-  /**
-   * @brief Sign an Interest according to the supplied signing information
-   *
-   * This method uses the supplied signing information in @p params to sign @p interest as follows:
-   * - It selects a private key and its associated certificate to sign the packet.
-   * - It generates a KeyLocator based upon the certificate name.
-   * - Using the SignatureInfo in @p params as a base, it generates the final SignatureInfo block
-   *   for @p interest.
-   * - It appends the generated SignatureInfo block to the end of the Name of @p interest.
-   * - It generates a signature for @p interest and appends it to the end of the Name of
-   *   @p interest as a SignatureValue block.
-   *
-   * @param interest The interest to sign
-   * @param params The signing parameters
-   * @throw Error Signing failed
-   * @throw InvalidSigningInfoError Invalid @p params was specified or the specified identity, key,
-   *                                or certificate does not exist
-   * @see SigningInfo
-   * @see SignatureInfo
-   * @see docs/specs/signed-interest.rst
-   */
-  void
-  sign(Interest& interest, const SigningInfo& params = SigningInfo());
-
-  /**
-   * @brief Sign buffer according to the supplied signing information @p params
-   * @deprecated Sign Interests and Data directly
-   *
-   * If @p params refers to an identity, the method selects the default key of the identity.
-   * If @p params refers to a key or certificate, the method select the corresponding key.
-   *
-   * @param buffer The buffer to sign
-   * @param bufferLength The buffer size
-   * @param params The signing parameters
-   * @return SignatureValue TLV block
-   * @throw Error Signing failed
-   * @see SigningInfo
-   * @see SignatureInfo
-   */
-  [[deprecated("sign Interests and Data directly")]]
-  Block
-  sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params = SigningInfo());
-
-public: // export & import
-  /**
-   * @brief Export a certificate and its corresponding private key.
-   *
-   * @param certificate The certificate to export.
-   * @param pw The password to secure the private key.
-   * @param pwLen The length of password.
-   * @return A SafeBag carrying the certificate and encrypted private key.
-   * @throw Error the certificate or private key does not exist
-   */
-  shared_ptr<SafeBag>
-  exportSafeBag(const Certificate& certificate, const char* pw, size_t pwLen);
-
-  /**
-   * @brief Import a certificate and its corresponding private key from a SafeBag.
-   *
-   * If the certificate and key are imported properly, the default setting will be updated as if
-   * a new key and certificate is added into KeyChain.
-   *
-   * @param safeBag The encoded data to import.
-   * @param pw The password to secure the private key.
-   * @param pwLen The length of password.
-   * @throw Error any of following conditions:
-   *              - the safebag cannot be decoded or its content does not match;
-   *              - private key cannot be imported;
-   *              - a private/public key of the same name already exists;
-   *              - a certificate of the same name already exists.
-   */
-  void
-  importSafeBag(const SafeBag& safeBag, const char* pw, size_t pwLen);
-
-  /**
-   * @brief Import a private key into the TPM.
-   */
-  void
-  importPrivateKey(const Name& keyName, shared_ptr<transform::PrivateKey> key);
-
-NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
-  /**
-   * @brief Derive SignatureTypeValue according to key type and digest algorithm.
-   */
-  static tlv::SignatureTypeValue
-  getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);
-
-public: // PIB & TPM backend registry
-  /**
-   * @brief Register a new PIB backend
-   * @param scheme Name for the registered PIB backend scheme
-   *
-   * @note This interface is implementation detail and may change without notice.
-   */
-  template<class PibBackendType>
-  static void
-  registerPibBackend(const std::string& scheme);
-
-  /**
-   * @brief Register a new TPM backend
-   * @param scheme Name for the registered TPM backend scheme
-   *
-   * @note This interface is implementation detail and may change without notice.
-   */
-  template<class TpmBackendType>
-  static void
-  registerTpmBackend(const std::string& scheme);
-
-private:
-  typedef std::map<std::string, function<std::shared_ptr<pib::PibImpl>(const std::string& location)>> PibFactories;
-  typedef std::map<std::string, function<unique_ptr<tpm::BackEnd>(const std::string& location)>> TpmFactories;
-
-  static PibFactories&
-  getPibFactories();
-
-  static TpmFactories&
-  getTpmFactories();
-
-  static std::tuple<std::string/*type*/, std::string/*location*/>
-  parseAndCheckPibLocator(const std::string& pibLocator);
-
-  static std::tuple<std::string/*type*/, std::string/*location*/>
-  parseAndCheckTpmLocator(const std::string& tpmLocator);
-
-  static const std::string&
-  getDefaultPibScheme();
-
-  static const std::string&
-  getDefaultTpmScheme();
-
-  /**
-    * @brief Create a PIB according to @p pibLocator
-    */
-  static unique_ptr<Pib>
-  createPib(const std::string& pibLocator);
-
-  /**
-   * @brief Create a TPM according to @p tpmLocator
-   */
-  static unique_ptr<Tpm>
-  createTpm(const std::string& tpmLocator);
-
-NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
-  static const std::string&
-  getDefaultPibLocator();
-
-  static const std::string&
-  getDefaultTpmLocator();
-
-private: // signing
-  /**
-   * @brief Generate a self-signed certificate for a public key.
-   *
-   * The self-signed certificate will also be added to the PIB.
-   */
-  Certificate
-  selfSign(Key& key);
-
-  /**
-   * @brief Prepare a SignatureInfo TLV according to signing information and return the signing
-   *        key name.
-   *
-   * @param params The signing parameters
-   * @return The signing key name and prepared SignatureInfo
-   * @throw InvalidSigningInfoError The requested signing method cannot be satisfied
-   */
-  std::tuple<Name, SignatureInfo>
-  prepareSignatureInfo(const SigningInfo& params);
-
-  /**
-   * @brief Generate a SignatureValue block for a buffer @p buf of size @p size using
-   *        a key with name @p keyName and digest algorithm @p digestAlgorithm.
-   */
-  Block
-  sign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;
-
-public:
-  /**
-   * @deprecated Use default constructor for SigningInfo
-   */
-  [[deprecated("use default constructor for SigningInfo")]]
-  static const SigningInfo&
-  getDefaultSigningInfo();
-
-  static const KeyParams&
-  getDefaultKeyParams();
-
-private:
-  std::unique_ptr<Pib> m_pib;
-  std::unique_ptr<Tpm> m_tpm;
-
-  static std::string s_defaultPibLocator;
-  static std::string s_defaultTpmLocator;
-};
-
-template<class PibType>
-inline void
-KeyChain::registerPibBackend(const std::string& scheme)
-{
-  getPibFactories().emplace(scheme, [] (const std::string& locator) {
-      return std::shared_ptr<pib::PibImpl>(new PibType(locator));
-    });
-}
-
-template<class TpmType>
-inline void
-KeyChain::registerTpmBackend(const std::string& scheme)
-{
-  getTpmFactories().emplace(scheme, [] (const std::string& locator) {
-      return unique_ptr<tpm::BackEnd>(new TpmType(locator));
-    });
-}
-
-/**
- * @brief Register Pib backend class in KeyChain
- *
- * This macro should be placed once in the implementation file of the
- * Pib backend class within the namespace where the type is declared.
- *
- * @note This interface is implementation detail and may change without notice.
- */
-#define NDN_CXX_V2_KEYCHAIN_REGISTER_PIB_BACKEND(PibType)     \
-static class NdnCxxAuto ## PibType ## PibRegistrationClass    \
-{                                                             \
-public:                                                       \
-  NdnCxxAuto ## PibType ## PibRegistrationClass()             \
-  {                                                           \
-    ::ndn::security::v2::KeyChain::registerPibBackend<PibType>(PibType::getScheme()); \
-  }                                                           \
-} ndnCxxAuto ## PibType ## PibRegistrationVariable
-
-/**
- * @brief Register Tpm backend class in KeyChain
- *
- * This macro should be placed once in the implementation file of the
- * Tpm backend class within the namespace where the type is declared.
- *
- * @note This interface is implementation detail and may change without notice.
- */
-#define NDN_CXX_V2_KEYCHAIN_REGISTER_TPM_BACKEND(TpmType)     \
-static class NdnCxxAuto ## TpmType ## TpmRegistrationClass    \
-{                                                             \
-public:                                                       \
-  NdnCxxAuto ## TpmType ## TpmRegistrationClass()             \
-  {                                                           \
-    ::ndn::security::v2::KeyChain::registerTpmBackend<TpmType>(TpmType::getScheme()); \
-  }                                                           \
-} ndnCxxAuto ## TpmType ## TpmRegistrationVariable
-
-} // namespace v2
-
-using v2::KeyChain;
-
-} // namespace security
-
-using security::v2::KeyChain;
-
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_KEY_CHAIN_HPP
+#endif // NDN_CXX_SECURITY_V2_KEY_CHAIN_HPP
diff --git a/ndn-cxx/security/v2/validation-callback.hpp b/ndn-cxx/security/v2/validation-callback.hpp
index 5ce1db1..406153d 100644
--- a/ndn-cxx/security/v2/validation-callback.hpp
+++ b/ndn-cxx/security/v2/validation-callback.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,40 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATION_CALLBACK_HPP
-#define NDN_SECURITY_V2_VALIDATION_CALLBACK_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_CALLBACK_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_CALLBACK_HPP
 
-#include "ndn-cxx/data.hpp"
-#include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/security-common.hpp"
-#include "ndn-cxx/security/v2/validation-error.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-callback.hpp> instead
 
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/validation-callback.hpp"
 
-/**
- * @brief Callback to report a successful Data validation.
- */
-typedef function<void(const Data& data)> DataValidationSuccessCallback;
-
-/**
- * @brief Callback to report a failed Data validation.
- */
-typedef function<void(const Data& data, const ValidationError& error)> DataValidationFailureCallback;
-
-/**
- * @brief Callback to report a successful Interest validation.
- */
-typedef function<void(const Interest& interest)> InterestValidationSuccessCallback;
-
-/**
- * @brief Callback to report a failed Interest validation.
- */
-typedef function<void(const Interest& interest, const ValidationError& error)> InterestValidationFailureCallback;
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_CALLBACK_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_CALLBACK_HPP
diff --git a/ndn-cxx/security/v2/validation-error.hpp b/ndn-cxx/security/v2/validation-error.hpp
index 826cd18..9567dcf 100644
--- a/ndn-cxx/security/v2/validation-error.hpp
+++ b/ndn-cxx/security/v2/validation-error.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,75 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATION_ERROR_HPP
-#define NDN_SECURITY_V2_VALIDATION_ERROR_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_ERROR_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_ERROR_HPP
 
-#include "ndn-cxx/detail/common.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-error.hpp> instead
 
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/validation-error.hpp"
 
-/**
- * @brief Validation error code and optional detailed error message
- */
-class ValidationError
-{
-public:
-  /**
-   * @brief Known validation error code
-   * @sa specs/validation-error-code.rst
-   */
-  enum Code : uint32_t {
-    NO_ERROR             = 0,
-    INVALID_SIGNATURE    = 1,
-    NO_SIGNATURE         = 2,
-    CANNOT_RETRIEVE_CERT = 3,
-    EXPIRED_CERT         = 4,
-    LOOP_DETECTED        = 5,
-    MALFORMED_CERT       = 6,
-    EXCEEDED_DEPTH_LIMIT = 7,
-    INVALID_KEY_LOCATOR  = 8,
-    POLICY_ERROR         = 9,
-    IMPLEMENTATION_ERROR = 255,
-    USER_MIN             = 256 // custom error codes should use >=256
-  };
-
-public:
-  /**
-   * @brief Validation error, implicitly convertible from an error code and info
-   */
-  ValidationError(uint32_t code, const std::string& info = "")
-    : m_code(code)
-    , m_info(info)
-  {
-  }
-
-  uint32_t
-  getCode() const
-  {
-    return m_code;
-  }
-
-  const std::string&
-  getInfo() const
-  {
-    return m_info;
-  }
-
-private:
-  uint32_t m_code;
-  std::string m_info;
-};
-
-std::ostream&
-operator<<(std::ostream& os, ValidationError::Code code);
-
-std::ostream&
-operator<<(std::ostream& os, const ValidationError& error);
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_ERROR_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_ERROR_HPP
diff --git a/ndn-cxx/security/v2/validation-policy-accept-all.hpp b/ndn-cxx/security/v2/validation-policy-accept-all.hpp
index 9ed54ab..06bb1f0 100644
--- a/ndn-cxx/security/v2/validation-policy-accept-all.hpp
+++ b/ndn-cxx/security/v2/validation-policy-accept-all.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,38 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
-#define NDN_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
 
-#include "ndn-cxx/security/v2/validation-policy.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-policy-accept-all.hpp> instead
 
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/validation-policy-accept-all.hpp"
 
-/**
- * @brief A validator policy that accepts any signature of data and interest packets
- */
-class ValidationPolicyAcceptAll : public ValidationPolicy
-{
-public:
-  void
-  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
-              const ValidationContinuation& continueValidation) final
-  {
-    continueValidation(nullptr, state);
-  }
-
-  void
-  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
-              const ValidationContinuation& continueValidation) final
-  {
-    continueValidation(nullptr, state);
-  }
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
diff --git a/ndn-cxx/security/v2/validation-policy-command-interest.hpp b/ndn-cxx/security/v2/validation-policy-command-interest.hpp
index 6ac35b8..ec7a233 100644
--- a/ndn-cxx/security/v2/validation-policy-command-interest.hpp
+++ b/ndn-cxx/security/v2/validation-policy-command-interest.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,141 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
-#define NDN_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
 
-#include "ndn-cxx/security/v2/validation-policy.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-policy-command-interest.hpp> instead
 
-#include <boost/multi_index_container.hpp>
-#include <boost/multi_index/ordered_index.hpp>
-#include <boost/multi_index/sequenced_index.hpp>
-#include <boost/multi_index/key_extractors.hpp>
+#include "ndn-cxx/security/validation-policy-command-interest.hpp"
 
-namespace ndn {
-namespace security {
-namespace v2 {
-
-/** \brief Validation policy for stop-and-wait command Interests
- *  \sa https://redmine.named-data.net/projects/ndn-cxx/wiki/CommandInterest
- *
- *  This policy checks the timestamp field of a stop-and-wait command Interest.
- *  Signed Interest validation and Data validation requests are delegated to an inner policy.
- */
-class ValidationPolicyCommandInterest : public ValidationPolicy
-{
-public:
-  class Options
-  {
-  public:
-    Options()
-    {
-    }
-
-  public:
-    /** \brief tolerance of initial timestamp
-     *
-     *  A stop-and-wait command Interest is considered "initial" if the validator
-     *  has not recorded the last timestamp from the same public key, or when
-     *  such knowledge has been erased.
-     *  For an initial command Interest, its timestamp is compared to the current
-     *  system clock, and the command Interest is rejected if the absolute difference
-     *  is greater than the grace interval.
-     *
-     *  This should be positive.
-     *  Setting this option to 0 or negative causes the validator to require exactly same
-     *  timestamp as the system clock, which most likely rejects all command Interests.
-     */
-    time::nanoseconds gracePeriod = 2_min;
-
-    /** \brief max number of distinct public keys of which to record the last timestamp
-     *
-     *  The validator records last timestamps for every public key.
-     *  For a subsequent command Interest using the same public key,
-     *  its timestamp is compared to the last timestamp from that public key,
-     *  and the command Interest is rejected if its timestamp is
-     *  less than or equal to the recorded timestamp.
-     *
-     *  This option limits the number of distinct public keys being tracked.
-     *  If the limit is exceeded, the oldest record is deleted.
-     *
-     *  Setting this option to -1 allows tracking unlimited public keys.
-     *  Setting this option to 0 disables last timestamp records and causes
-     *  every command Interest to be processed as initial.
-     */
-    ssize_t maxRecords = 1000;
-
-    /** \brief max lifetime of a last timestamp record
-     *
-     *  A last timestamp record expires and can be deleted if it has not been refreshed
-     *  within this duration.
-     *  Setting this option to 0 or negative makes last timestamp records expire immediately
-     *  and causes every command Interest to be processed as initial.
-     */
-    time::nanoseconds recordLifetime = 1_h;
-  };
-
-  /** \brief constructor
-   *  \param inner a Validator for signed Interest signature validation and Data validation;
-   *               this must not be nullptr
-   *  \param options stop-and-wait command Interest validation options
-   *  \throw std::invalid_argument inner policy is nullptr
-   */
-  explicit
-  ValidationPolicyCommandInterest(unique_ptr<ValidationPolicy> inner,
-                                  const Options& options = {});
-
-protected:
-  void
-  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
-              const ValidationContinuation& continueValidation) override;
-
-  void
-  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
-              const ValidationContinuation& continueValidation) override;
-
-private:
-  void
-  cleanup();
-
-  std::tuple<bool, Name, uint64_t>
-  parseCommandInterest(const Interest& interest, const shared_ptr<ValidationState>& state) const;
-
-  bool
-  checkTimestamp(const shared_ptr<ValidationState>& state,
-                 const Name& keyName, uint64_t timestamp);
-
-  void
-  insertNewRecord(const Name& keyName, uint64_t timestamp);
-
-private:
-  Options m_options;
-
-  struct LastTimestampRecord
-  {
-    Name keyName;
-    uint64_t timestamp;
-    time::steady_clock::TimePoint lastRefreshed;
-  };
-
-  using Container = boost::multi_index_container<
-    LastTimestampRecord,
-    boost::multi_index::indexed_by<
-      boost::multi_index::ordered_unique<
-        boost::multi_index::member<LastTimestampRecord, Name, &LastTimestampRecord::keyName>
-      >,
-      boost::multi_index::sequenced<>
-    >
-  >;
-  using Index = Container::nth_index<0>::type;
-  using Queue = Container::nth_index<1>::type;
-
-  Container m_container;
-  Index& m_index;
-  Queue& m_queue;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
diff --git a/ndn-cxx/security/v2/validation-policy-config.hpp b/ndn-cxx/security/v2/validation-policy-config.hpp
index e94ccec..03f11f4 100644
--- a/ndn-cxx/security/v2/validation-policy-config.hpp
+++ b/ndn-cxx/security/v2/validation-policy-config.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,94 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
-#define NDN_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
 
-#include "ndn-cxx/security/v2/validation-policy.hpp"
-#include "ndn-cxx/security/v2/validator-config/rule.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-policy-config.hpp> instead
 
-namespace ndn {
-namespace security {
-namespace v2 {
-namespace validator_config {
+#include "ndn-cxx/security/validation-policy-config.hpp"
 
-/**
- * @brief A validator that can be set up via a configuration file.
- *
- * @note For command Interest validation, this policy must be combined with
- *       @p ValidationPolicyCommandInterest, in order to guard against replay attacks.
- * @note This policy does not support inner policies (a sole policy or a terminal inner policy)
- * @sa https://named-data.net/doc/ndn-cxx/current/tutorials/security-validator-config.html
- */
-class ValidationPolicyConfig : public ValidationPolicy
-{
-public:
-  /**
-   * @brief Load policy from file @p filename
-   * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
-   */
-  void
-  load(const std::string& filename);
-
-  /**
-   * @brief Load policy from direct @p input
-   * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
-   */
-  void
-  load(const std::string& input, const std::string& filename);
-
-  /**
-   * @brief Load policy from direct @p input
-   * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
-   */
-  void
-  load(std::istream& input, const std::string& filename);
-
-  /**
-   * @brief Load policy from @p configSection
-   * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
-   */
-  void
-  load(const ConfigSection& configSection, const std::string& filename);
-
-protected:
-  void
-  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
-              const ValidationContinuation& continueValidation) override;
-
-  void
-  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
-              const ValidationContinuation& continueValidation) override;
-
-private:
-  void
-  processConfigTrustAnchor(const ConfigSection& section, const std::string& filename);
-
-  time::nanoseconds
-  getRefreshPeriod(ConfigSection::const_iterator& it, const ConfigSection::const_iterator& end);
-
-  time::nanoseconds
-  getDefaultRefreshPeriod();
-
-NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
-  /** @brief Whether to always bypass validation.
-   *
-   *  This is set to true when 'any' is specified as a trust anchor.
-   *  It causes all packets to bypass validation.
-   */
-  bool m_shouldBypass = false;
-  bool m_isConfigured = false;
-
-  std::vector<unique_ptr<Rule>> m_dataRules;
-  std::vector<unique_ptr<Rule>> m_interestRules;
-};
-
-} // namespace validator_config
-
-using validator_config::ValidationPolicyConfig;
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
diff --git a/ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp b/ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp
index 7908075..8678fef 100644
--- a/ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp
+++ b/ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,32 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
-#define NDN_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
 
-#include "ndn-cxx/security/v2/validation-policy.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-policy-simple-hierarchy.hpp> instead
 
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
 
-/**
- * @brief Validation policy for a simple hierarchical trust model
- */
-class ValidationPolicySimpleHierarchy : public ValidationPolicy
-{
-public:
-  void
-  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
-              const ValidationContinuation& continueValidation) override;
-
-  void
-  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
-              const ValidationContinuation& continueValidation) override;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
diff --git a/ndn-cxx/security/v2/validation-policy.hpp b/ndn-cxx/security/v2/validation-policy.hpp
index c5b52c5..8adbe61 100644
--- a/ndn-cxx/security/v2/validation-policy.hpp
+++ b/ndn-cxx/security/v2/validation-policy.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,152 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_HPP
-#define NDN_SECURITY_V2_VALIDATION_POLICY_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_POLICY_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_POLICY_HPP
 
-#include "ndn-cxx/data.hpp"
-#include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-policy.hpp> instead
 
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/validation-policy.hpp"
 
-/**
- * @brief Abstraction that implements validation policy for Data and Interest packets
- */
-class ValidationPolicy : noncopyable
-{
-public:
-  using ValidationContinuation = std::function<void(const shared_ptr<CertificateRequest>& certRequest,
-                                                    const shared_ptr<ValidationState>& state)>;
-
-  virtual
-  ~ValidationPolicy() = default;
-
-  /**
-   * @brief Set inner policy
-   *
-   * Multiple assignments of the inner policy will create a "chain" of linked policies.
-   * The inner policy from the latest invocation of setInnerPolicy will be at the bottom
-   * of the policy list.
-   *
-   * For example, sequence of `this->setInnerPolicy(policy1)` and
-   * `this->setInnerPolicy(policy2)`, will result in `this->m_innerPolicy == policy1`,
-   * this->m_innerPolicy->m_innerPolicy == policy2', and
-   * `this->m_innerPolicy->m_innerPolicy->m_innerPolicy == nullptr`.
-   *
-   * @throw std::invalid_argument exception, if @p innerPolicy is nullptr.
-   */
-  void
-  setInnerPolicy(unique_ptr<ValidationPolicy> innerPolicy);
-
-  /**
-   * @brief Check if inner policy is set
-   */
-  bool
-  hasInnerPolicy() const
-  {
-    return m_innerPolicy != nullptr;
-  }
-
-  /**
-   * @brief Return the inner policy
-   *
-   * If the inner policy was not set, behavior is undefined.
-   */
-  ValidationPolicy&
-  getInnerPolicy();
-
-  /**
-   * @brief Set validator to which the policy is associated
-   */
-  void
-  setValidator(Validator& validator);
-
-  /**
-   * @brief Check @p data against the policy
-   *
-   * Depending on implementation of the policy, this check can be done synchronously or
-   * asynchronously.
-   *
-   * Semantics of checkPolicy has changed from v1::Validator
-   * - If packet violates policy, the policy should call `state->fail` with appropriate error
-   *   code and error description.
-   * - If packet conforms to the policy and no further certificate retrievals are necessary,
-   *   the policy should call continueValidation(nullptr, state)
-   * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
-   *   call continueValidation(<appropriate-cert-request-instance>, state)
-   */
-  virtual void
-  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
-              const ValidationContinuation& continueValidation) = 0;
-
-  /**
-   * @brief Check @p interest against the policy
-   *
-   * Depending on implementation of the policy, this check can be done synchronously or
-   * asynchronously.
-   *
-   * Semantics of checkPolicy has changed from v1::Validator
-   * - If packet violates policy, the policy should call `state->fail` with appropriate error
-   *   code and error description.
-   * - If packet conforms to the policy and no further certificate retrievals are necessary,
-   *   the policy should call continueValidation(nullptr, state)
-   * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
-   *   call continueValidation(<appropriate-cert-request-instance>, state)
-   */
-  virtual void
-  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
-              const ValidationContinuation& continueValidation) = 0;
-
-  /**
-   * @brief Check @p certificate against the policy
-   *
-   * Unless overridden by the policy, this check defaults to `checkPolicy(const Data&, ...)`.
-   *
-   * Depending on implementation of the policy, this check can be done synchronously or
-   * asynchronously.
-   *
-   * Semantics of checkPolicy has changed from v1::Validator
-   * - If packet violates policy, the policy should call `state->fail` with appropriate error
-   *   code and error description.
-   * - If packet conforms to the policy and no further certificate retrievals are necessary,
-   *   the policy should call continueValidation(nullptr, state)
-   * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
-   *   call continueValidation(<appropriate-cert-request-instance>, state)
-   */
-  virtual void
-  checkPolicy(const Certificate& certificate, const shared_ptr<ValidationState>& state,
-              const ValidationContinuation& continueValidation)
-  {
-    checkPolicy(static_cast<const Data&>(certificate), state, continueValidation);
-  }
-
-NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PROTECTED:
-  Validator* m_validator = nullptr;
-  unique_ptr<ValidationPolicy> m_innerPolicy;
-};
-
-/** \brief extract KeyLocator.Name from Data
- *
- *  Data must contain a KeyLocator of Name type.
- *  Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
- */
-Name
-getKeyLocatorName(const Data& data, ValidationState& state);
-
-/** \brief extract KeyLocator.Name from signed Interest
- *
- *  Interest must have SignatureInfo and contain a KeyLocator of Name type.
- *  Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
- */
-Name
-getKeyLocatorName(const Interest& interest, ValidationState& state);
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_POLICY_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_POLICY_HPP
diff --git a/ndn-cxx/security/v2/validator.hpp b/ndn-cxx/security/v2/validator.hpp
index 04e0d95..95100d4 100644
--- a/ndn-cxx/security/v2/validator.hpp
+++ b/ndn-cxx/security/v2/validator.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,171 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATOR_HPP
-#define NDN_SECURITY_V2_VALIDATOR_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATOR_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATOR_HPP
 
-#include "ndn-cxx/security/v2/certificate-fetcher.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/certificate-storage.hpp"
-#include "ndn-cxx/security/v2/validation-callback.hpp"
-#include "ndn-cxx/security/v2/validation-policy.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validator.hpp> instead
 
-namespace ndn {
+#include "ndn-cxx/security/validator.hpp"
 
-class Face;
-
-namespace security {
-namespace v2 {
-
-/**
- * @brief Interface for validating data and interest packets.
- *
- * Every time a validation process initiated, it creates a ValidationState that exist until
- * validation finishes with either success or failure.  This state serves several purposes:
- * - record Interest or Data packet being validated
- * - record failure callback
- * - record certificates in the certification chain for the Interest or Data packet being validated
- * - record names of the requested certificates to detect loops in the certificate chain
- * - keep track of the validation chain size (aka validation "depth")
- *
- * During validation, policy and/or key fetcher can augment validation state with policy- and
- * fetcher-specific information using ndn::Tag's.
- *
- * A validator has a trust anchor cache to save static and dynamic trust anchors, a verified
- * certificate cache for saving certificates that are already verified and an unverified
- * certificate cache for saving prefetched but not yet verified certificates.
- *
- * @todo Limit the maximum time the validation process is allowed to run before declaring failure
- * @todo Ability to customize maximum lifetime for trusted and untrusted certificate caches.
- *       Current implementation hard-codes them to be 1 hour and 5 minutes.
- */
-class Validator : public CertificateStorage
-{
-public:
-  /**
-   * @brief Validator constructor.
-   *
-   * @param policy      Validation policy to be associated with the validator
-   * @param certFetcher Certificate fetcher implementation.
-   */
-  Validator(unique_ptr<ValidationPolicy> policy, unique_ptr<CertificateFetcher> certFetcher);
-
-  ~Validator();
-
-  ValidationPolicy&
-  getPolicy();
-
-  CertificateFetcher&
-  getFetcher();
-
-  /**
-   * @brief Set the maximum depth of the certificate chain
-   */
-  void
-  setMaxDepth(size_t depth);
-
-  /**
-   * @return The maximum depth of the certificate chain
-   */
-  size_t
-  getMaxDepth() const;
-
-  /**
-   * @brief Asynchronously validate @p data
-   *
-   * @note @p successCb and @p failureCb must not be nullptr
-   */
-  void
-  validate(const Data& data,
-           const DataValidationSuccessCallback& successCb,
-           const DataValidationFailureCallback& failureCb);
-
-  /**
-   * @brief Asynchronously validate @p interest
-   *
-   * @note @p successCb and @p failureCb must not be nullptr
-   */
-  void
-  validate(const Interest& interest,
-           const InterestValidationSuccessCallback& successCb,
-           const InterestValidationFailureCallback& failureCb);
-
-public: // anchor management
-  /**
-   * @brief load static trust anchor.
-   *
-   * Static trust anchors are permanently associated with the validator and never expire.
-   *
-   * @param groupId  Certificate group id.
-   * @param cert     Certificate to load as a trust anchor.
-   */
-  void
-  loadAnchor(const std::string& groupId, Certificate&& cert);
-
-  /**
-   * @brief load dynamic trust anchors.
-   *
-   * Dynamic trust anchors are associated with the validator for as long as the underlying
-   * trust anchor file (set of files) exist(s).
-   *
-   * @param groupId          Certificate group id, must not be empty.
-   * @param certfilePath     Specifies the path to load the trust anchors.
-   * @param refreshPeriod    Refresh period for the trust anchors, must be positive.
-   * @param isDir            Tells whether the path is a directory or a single file.
-   */
-  void
-  loadAnchor(const std::string& groupId, const std::string& certfilePath,
-             time::nanoseconds refreshPeriod, bool isDir = false);
-
-  /**
-   * @brief remove any previously loaded static or dynamic trust anchor
-   */
-  void
-  resetAnchors();
-
-  /**
-   * @brief Cache verified @p cert a period of time (1 hour)
-   *
-   * @todo Add ability to customize time period
-   */
-  void
-  cacheVerifiedCertificate(Certificate&& cert);
-
-  /**
-   * @brief Remove any cached verified certificates
-   */
-  void
-  resetVerifiedCertificates();
-
-private: // Common validator operations
-  /**
-   * @brief Recursive validation of the certificate in the certification chain
-   *
-   * @param cert   The certificate to check.
-   * @param state  The current validation state.
-   */
-  void
-  validate(const Certificate& cert, const shared_ptr<ValidationState>& state);
-
-  /**
-   * @brief Request certificate for further validation.
-   *
-   * @param certRequest  Certificate request.
-   * @param state        The current validation state.
-   */
-  void
-  requestCertificate(const shared_ptr<CertificateRequest>& certRequest,
-                     const shared_ptr<ValidationState>& state);
-
-private:
-  unique_ptr<ValidationPolicy> m_policy;
-  unique_ptr<CertificateFetcher> m_certFetcher;
-  size_t m_maxDepth;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATOR_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATOR_HPP
diff --git a/ndn-cxx/security/validation-callback.hpp b/ndn-cxx/security/validation-callback.hpp
new file mode 100644
index 0000000..703267a
--- /dev/null
+++ b/ndn-cxx/security/validation-callback.hpp
@@ -0,0 +1,58 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_CALLBACK_HPP
+#define NDN_SECURITY_VALIDATION_CALLBACK_HPP
+
+#include "ndn-cxx/data.hpp"
+#include "ndn-cxx/interest.hpp"
+#include "ndn-cxx/security/security-common.hpp"
+#include "ndn-cxx/security/validation-error.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Callback to report a successful Data validation.
+ */
+typedef function<void(const Data& data)> DataValidationSuccessCallback;
+
+/**
+ * @brief Callback to report a failed Data validation.
+ */
+typedef function<void(const Data& data, const ValidationError& error)> DataValidationFailureCallback;
+
+/**
+ * @brief Callback to report a successful Interest validation.
+ */
+typedef function<void(const Interest& interest)> InterestValidationSuccessCallback;
+
+/**
+ * @brief Callback to report a failed Interest validation.
+ */
+typedef function<void(const Interest& interest, const ValidationError& error)> InterestValidationFailureCallback;
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_CALLBACK_HPP
diff --git a/ndn-cxx/security/v2/validation-error.cpp b/ndn-cxx/security/validation-error.cpp
similarity index 94%
rename from ndn-cxx/security/v2/validation-error.cpp
rename to ndn-cxx/security/validation-error.cpp
index 6df5f23..102cb30 100644
--- a/ndn-cxx/security/v2/validation-error.cpp
+++ b/ndn-cxx/security/validation-error.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,13 +19,13 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validation-error.hpp"
+#include "ndn-cxx/security/validation-error.hpp"
 
 #include <ostream>
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 std::ostream&
 operator<<(std::ostream& os, ValidationError::Code code)
@@ -74,6 +74,6 @@
   return os;
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/validation-error.hpp b/ndn-cxx/security/validation-error.hpp
new file mode 100644
index 0000000..5e5cd2c
--- /dev/null
+++ b/ndn-cxx/security/validation-error.hpp
@@ -0,0 +1,93 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_ERROR_HPP
+#define NDN_SECURITY_VALIDATION_ERROR_HPP
+
+#include "ndn-cxx/detail/common.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Validation error code and optional detailed error message
+ */
+class ValidationError
+{
+public:
+  /**
+   * @brief Known validation error code
+   * @sa specs/validation-error-code.rst
+   */
+  enum Code : uint32_t {
+    NO_ERROR             = 0,
+    INVALID_SIGNATURE    = 1,
+    NO_SIGNATURE         = 2,
+    CANNOT_RETRIEVE_CERT = 3,
+    EXPIRED_CERT         = 4,
+    LOOP_DETECTED        = 5,
+    MALFORMED_CERT       = 6,
+    EXCEEDED_DEPTH_LIMIT = 7,
+    INVALID_KEY_LOCATOR  = 8,
+    POLICY_ERROR         = 9,
+    IMPLEMENTATION_ERROR = 255,
+    USER_MIN             = 256 // custom error codes should use >=256
+  };
+
+public:
+  /**
+   * @brief Validation error, implicitly convertible from an error code and info
+   */
+  ValidationError(uint32_t code, const std::string& info = "")
+    : m_code(code)
+    , m_info(info)
+  {
+  }
+
+  uint32_t
+  getCode() const
+  {
+    return m_code;
+  }
+
+  const std::string&
+  getInfo() const
+  {
+    return m_info;
+  }
+
+private:
+  uint32_t m_code;
+  std::string m_info;
+};
+
+std::ostream&
+operator<<(std::ostream& os, ValidationError::Code code);
+
+std::ostream&
+operator<<(std::ostream& os, const ValidationError& error);
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_ERROR_HPP
diff --git a/ndn-cxx/security/validation-policy-accept-all.hpp b/ndn-cxx/security/validation-policy-accept-all.hpp
new file mode 100644
index 0000000..6372e88
--- /dev/null
+++ b/ndn-cxx/security/validation-policy-accept-all.hpp
@@ -0,0 +1,56 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_POLICY_ACCEPT_ALL_HPP
+#define NDN_SECURITY_VALIDATION_POLICY_ACCEPT_ALL_HPP
+
+#include "ndn-cxx/security/validation-policy.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief A validator policy that accepts any signature of data and interest packets
+ */
+class ValidationPolicyAcceptAll : public ValidationPolicy
+{
+public:
+  void
+  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
+              const ValidationContinuation& continueValidation) final
+  {
+    continueValidation(nullptr, state);
+  }
+
+  void
+  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
+              const ValidationContinuation& continueValidation) final
+  {
+    continueValidation(nullptr, state);
+  }
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_POLICY_ACCEPT_ALL_HPP
diff --git a/ndn-cxx/security/v2/validation-policy-command-interest.cpp b/ndn-cxx/security/validation-policy-command-interest.cpp
similarity index 96%
rename from ndn-cxx/security/v2/validation-policy-command-interest.cpp
rename to ndn-cxx/security/validation-policy-command-interest.cpp
index 52f276d..607356d 100644
--- a/ndn-cxx/security/v2/validation-policy-command-interest.cpp
+++ b/ndn-cxx/security/validation-policy-command-interest.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,11 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validation-policy-command-interest.hpp"
+#include "ndn-cxx/security/validation-policy-command-interest.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 ValidationPolicyCommandInterest::ValidationPolicyCommandInterest(unique_ptr<ValidationPolicy> inner,
                                                                  const Options& options)
@@ -151,6 +151,6 @@
   }
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/validation-policy-command-interest.hpp b/ndn-cxx/security/validation-policy-command-interest.hpp
new file mode 100644
index 0000000..c7ea9c2
--- /dev/null
+++ b/ndn-cxx/security/validation-policy-command-interest.hpp
@@ -0,0 +1,159 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_POLICY_COMMAND_INTEREST_HPP
+#define NDN_SECURITY_VALIDATION_POLICY_COMMAND_INTEREST_HPP
+
+#include "ndn-cxx/security/validation-policy.hpp"
+
+#include <boost/multi_index_container.hpp>
+#include <boost/multi_index/ordered_index.hpp>
+#include <boost/multi_index/sequenced_index.hpp>
+#include <boost/multi_index/key_extractors.hpp>
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/** \brief Validation policy for stop-and-wait command Interests
+ *  \sa https://redmine.named-data.net/projects/ndn-cxx/wiki/CommandInterest
+ *
+ *  This policy checks the timestamp field of a stop-and-wait command Interest.
+ *  Signed Interest validation and Data validation requests are delegated to an inner policy.
+ */
+class ValidationPolicyCommandInterest : public ValidationPolicy
+{
+public:
+  class Options
+  {
+  public:
+    Options()
+    {
+    }
+
+  public:
+    /** \brief tolerance of initial timestamp
+     *
+     *  A stop-and-wait command Interest is considered "initial" if the validator
+     *  has not recorded the last timestamp from the same public key, or when
+     *  such knowledge has been erased.
+     *  For an initial command Interest, its timestamp is compared to the current
+     *  system clock, and the command Interest is rejected if the absolute difference
+     *  is greater than the grace interval.
+     *
+     *  This should be positive.
+     *  Setting this option to 0 or negative causes the validator to require exactly same
+     *  timestamp as the system clock, which most likely rejects all command Interests.
+     */
+    time::nanoseconds gracePeriod = 2_min;
+
+    /** \brief max number of distinct public keys of which to record the last timestamp
+     *
+     *  The validator records last timestamps for every public key.
+     *  For a subsequent command Interest using the same public key,
+     *  its timestamp is compared to the last timestamp from that public key,
+     *  and the command Interest is rejected if its timestamp is
+     *  less than or equal to the recorded timestamp.
+     *
+     *  This option limits the number of distinct public keys being tracked.
+     *  If the limit is exceeded, the oldest record is deleted.
+     *
+     *  Setting this option to -1 allows tracking unlimited public keys.
+     *  Setting this option to 0 disables last timestamp records and causes
+     *  every command Interest to be processed as initial.
+     */
+    ssize_t maxRecords = 1000;
+
+    /** \brief max lifetime of a last timestamp record
+     *
+     *  A last timestamp record expires and can be deleted if it has not been refreshed
+     *  within this duration.
+     *  Setting this option to 0 or negative makes last timestamp records expire immediately
+     *  and causes every command Interest to be processed as initial.
+     */
+    time::nanoseconds recordLifetime = 1_h;
+  };
+
+  /** \brief constructor
+   *  \param inner a Validator for signed Interest signature validation and Data validation;
+   *               this must not be nullptr
+   *  \param options stop-and-wait command Interest validation options
+   *  \throw std::invalid_argument inner policy is nullptr
+   */
+  explicit
+  ValidationPolicyCommandInterest(unique_ptr<ValidationPolicy> inner,
+                                  const Options& options = {});
+
+protected:
+  void
+  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
+              const ValidationContinuation& continueValidation) override;
+
+  void
+  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
+              const ValidationContinuation& continueValidation) override;
+
+private:
+  void
+  cleanup();
+
+  std::tuple<bool, Name, uint64_t>
+  parseCommandInterest(const Interest& interest, const shared_ptr<ValidationState>& state) const;
+
+  bool
+  checkTimestamp(const shared_ptr<ValidationState>& state,
+                 const Name& keyName, uint64_t timestamp);
+
+  void
+  insertNewRecord(const Name& keyName, uint64_t timestamp);
+
+private:
+  Options m_options;
+
+  struct LastTimestampRecord
+  {
+    Name keyName;
+    uint64_t timestamp;
+    time::steady_clock::TimePoint lastRefreshed;
+  };
+
+  using Container = boost::multi_index_container<
+    LastTimestampRecord,
+    boost::multi_index::indexed_by<
+      boost::multi_index::ordered_unique<
+        boost::multi_index::member<LastTimestampRecord, Name, &LastTimestampRecord::keyName>
+      >,
+      boost::multi_index::sequenced<>
+    >
+  >;
+  using Index = Container::nth_index<0>::type;
+  using Queue = Container::nth_index<1>::type;
+
+  Container m_container;
+  Index& m_index;
+  Queue& m_queue;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_POLICY_COMMAND_INTEREST_HPP
diff --git a/ndn-cxx/security/v2/validation-policy-config.cpp b/ndn-cxx/security/validation-policy-config.cpp
similarity index 97%
rename from ndn-cxx/security/v2/validation-policy-config.cpp
rename to ndn-cxx/security/validation-policy-config.cpp
index d723b94..6aeca86 100644
--- a/ndn-cxx/security/v2/validation-policy-config.cpp
+++ b/ndn-cxx/security/validation-policy-config.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,8 +19,8 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validation-policy-config.hpp"
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validation-policy-config.hpp"
+#include "ndn-cxx/security/validator.hpp"
 #include "ndn-cxx/util/io.hpp"
 
 #include <boost/algorithm/string/predicate.hpp>
@@ -32,7 +32,7 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 
 void
@@ -289,6 +289,6 @@
 }
 
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/validation-policy-config.hpp b/ndn-cxx/security/validation-policy-config.hpp
new file mode 100644
index 0000000..f910994
--- /dev/null
+++ b/ndn-cxx/security/validation-policy-config.hpp
@@ -0,0 +1,112 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_POLICY_CONFIG_HPP
+#define NDN_SECURITY_VALIDATION_POLICY_CONFIG_HPP
+
+#include "ndn-cxx/security/validation-policy.hpp"
+#include "ndn-cxx/security/validator-config/rule.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+namespace validator_config {
+
+/**
+ * @brief A validator that can be set up via a configuration file.
+ *
+ * @note For command Interest validation, this policy must be combined with
+ *       @p ValidationPolicyCommandInterest, in order to guard against replay attacks.
+ * @note This policy does not support inner policies (a sole policy or a terminal inner policy)
+ * @sa https://named-data.net/doc/ndn-cxx/current/tutorials/security-validator-config.html
+ */
+class ValidationPolicyConfig : public ValidationPolicy
+{
+public:
+  /**
+   * @brief Load policy from file @p filename
+   * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
+   */
+  void
+  load(const std::string& filename);
+
+  /**
+   * @brief Load policy from direct @p input
+   * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
+   */
+  void
+  load(const std::string& input, const std::string& filename);
+
+  /**
+   * @brief Load policy from direct @p input
+   * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
+   */
+  void
+  load(std::istream& input, const std::string& filename);
+
+  /**
+   * @brief Load policy from @p configSection
+   * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
+   */
+  void
+  load(const ConfigSection& configSection, const std::string& filename);
+
+protected:
+  void
+  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
+              const ValidationContinuation& continueValidation) override;
+
+  void
+  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
+              const ValidationContinuation& continueValidation) override;
+
+private:
+  void
+  processConfigTrustAnchor(const ConfigSection& section, const std::string& filename);
+
+  time::nanoseconds
+  getRefreshPeriod(ConfigSection::const_iterator& it, const ConfigSection::const_iterator& end);
+
+  time::nanoseconds
+  getDefaultRefreshPeriod();
+
+NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+  /** @brief Whether to always bypass validation.
+   *
+   *  This is set to true when 'any' is specified as a trust anchor.
+   *  It causes all packets to bypass validation.
+   */
+  bool m_shouldBypass = false;
+  bool m_isConfigured = false;
+
+  std::vector<unique_ptr<Rule>> m_dataRules;
+  std::vector<unique_ptr<Rule>> m_interestRules;
+};
+
+} // namespace validator_config
+
+using validator_config::ValidationPolicyConfig;
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_POLICY_CONFIG_HPP
diff --git a/ndn-cxx/security/v2/validation-policy-simple-hierarchy.cpp b/ndn-cxx/security/validation-policy-simple-hierarchy.cpp
similarity index 92%
rename from ndn-cxx/security/v2/validation-policy-simple-hierarchy.cpp
rename to ndn-cxx/security/validation-policy-simple-hierarchy.cpp
index b026bbd..53cc1b5 100644
--- a/ndn-cxx/security/v2/validation-policy-simple-hierarchy.cpp
+++ b/ndn-cxx/security/validation-policy-simple-hierarchy.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,11 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 void
 ValidationPolicySimpleHierarchy::checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
@@ -61,6 +61,6 @@
   }
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/validation-policy-simple-hierarchy.hpp b/ndn-cxx/security/validation-policy-simple-hierarchy.hpp
new file mode 100644
index 0000000..2cd6503
--- /dev/null
+++ b/ndn-cxx/security/validation-policy-simple-hierarchy.hpp
@@ -0,0 +1,50 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
+#define NDN_SECURITY_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
+
+#include "ndn-cxx/security/validation-policy.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Validation policy for a simple hierarchical trust model
+ */
+class ValidationPolicySimpleHierarchy : public ValidationPolicy
+{
+public:
+  void
+  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
+              const ValidationContinuation& continueValidation) override;
+
+  void
+  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
+              const ValidationContinuation& continueValidation) override;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
diff --git a/ndn-cxx/security/v2/validation-policy.cpp b/ndn-cxx/security/validation-policy.cpp
similarity index 96%
rename from ndn-cxx/security/v2/validation-policy.cpp
rename to ndn-cxx/security/validation-policy.cpp
index 28396d1..b8986b5 100644
--- a/ndn-cxx/security/v2/validation-policy.cpp
+++ b/ndn-cxx/security/validation-policy.cpp
@@ -19,12 +19,12 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validation-policy.hpp"
+#include "ndn-cxx/security/validation-policy.hpp"
 #include "ndn-cxx/security/signing-info.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 void
 ValidationPolicy::setInnerPolicy(unique_ptr<ValidationPolicy> innerPolicy)
@@ -110,6 +110,6 @@
   return getKeyLocatorName(si, state);
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/validation-policy.hpp b/ndn-cxx/security/validation-policy.hpp
new file mode 100644
index 0000000..f4d9b7d
--- /dev/null
+++ b/ndn-cxx/security/validation-policy.hpp
@@ -0,0 +1,170 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_POLICY_HPP
+#define NDN_SECURITY_VALIDATION_POLICY_HPP
+
+#include "ndn-cxx/data.hpp"
+#include "ndn-cxx/interest.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Abstraction that implements validation policy for Data and Interest packets
+ */
+class ValidationPolicy : noncopyable
+{
+public:
+  using ValidationContinuation = std::function<void(const shared_ptr<CertificateRequest>& certRequest,
+                                                    const shared_ptr<ValidationState>& state)>;
+
+  virtual
+  ~ValidationPolicy() = default;
+
+  /**
+   * @brief Set inner policy
+   *
+   * Multiple assignments of the inner policy will create a "chain" of linked policies.
+   * The inner policy from the latest invocation of setInnerPolicy will be at the bottom
+   * of the policy list.
+   *
+   * For example, sequence of `this->setInnerPolicy(policy1)` and
+   * `this->setInnerPolicy(policy2)`, will result in `this->m_innerPolicy == policy1`,
+   * this->m_innerPolicy->m_innerPolicy == policy2', and
+   * `this->m_innerPolicy->m_innerPolicy->m_innerPolicy == nullptr`.
+   *
+   * @throw std::invalid_argument exception, if @p innerPolicy is nullptr.
+   */
+  void
+  setInnerPolicy(unique_ptr<ValidationPolicy> innerPolicy);
+
+  /**
+   * @brief Check if inner policy is set
+   */
+  bool
+  hasInnerPolicy() const
+  {
+    return m_innerPolicy != nullptr;
+  }
+
+  /**
+   * @brief Return the inner policy
+   *
+   * If the inner policy was not set, behavior is undefined.
+   */
+  ValidationPolicy&
+  getInnerPolicy();
+
+  /**
+   * @brief Set validator to which the policy is associated
+   */
+  void
+  setValidator(Validator& validator);
+
+  /**
+   * @brief Check @p data against the policy
+   *
+   * Depending on implementation of the policy, this check can be done synchronously or
+   * asynchronously.
+   *
+   * Semantics of checkPolicy has changed from v1::Validator
+   * - If packet violates policy, the policy should call `state->fail` with appropriate error
+   *   code and error description.
+   * - If packet conforms to the policy and no further certificate retrievals are necessary,
+   *   the policy should call continueValidation(nullptr, state)
+   * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
+   *   call continueValidation(<appropriate-cert-request-instance>, state)
+   */
+  virtual void
+  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
+              const ValidationContinuation& continueValidation) = 0;
+
+  /**
+   * @brief Check @p interest against the policy
+   *
+   * Depending on implementation of the policy, this check can be done synchronously or
+   * asynchronously.
+   *
+   * Semantics of checkPolicy has changed from v1::Validator
+   * - If packet violates policy, the policy should call `state->fail` with appropriate error
+   *   code and error description.
+   * - If packet conforms to the policy and no further certificate retrievals are necessary,
+   *   the policy should call continueValidation(nullptr, state)
+   * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
+   *   call continueValidation(<appropriate-cert-request-instance>, state)
+   */
+  virtual void
+  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
+              const ValidationContinuation& continueValidation) = 0;
+
+  /**
+   * @brief Check @p certificate against the policy
+   *
+   * Unless overridden by the policy, this check defaults to `checkPolicy(const Data&, ...)`.
+   *
+   * Depending on implementation of the policy, this check can be done synchronously or
+   * asynchronously.
+   *
+   * Semantics of checkPolicy has changed from v1::Validator
+   * - If packet violates policy, the policy should call `state->fail` with appropriate error
+   *   code and error description.
+   * - If packet conforms to the policy and no further certificate retrievals are necessary,
+   *   the policy should call continueValidation(nullptr, state)
+   * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
+   *   call continueValidation(<appropriate-cert-request-instance>, state)
+   */
+  virtual void
+  checkPolicy(const Certificate& certificate, const shared_ptr<ValidationState>& state,
+              const ValidationContinuation& continueValidation)
+  {
+    checkPolicy(static_cast<const Data&>(certificate), state, continueValidation);
+  }
+
+NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PROTECTED:
+  Validator* m_validator = nullptr;
+  unique_ptr<ValidationPolicy> m_innerPolicy;
+};
+
+/** \brief extract KeyLocator.Name from Data
+ *
+ *  Data must contain a KeyLocator of Name type.
+ *  Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
+ */
+Name
+getKeyLocatorName(const Data& data, ValidationState& state);
+
+/** \brief extract KeyLocator.Name from signed Interest
+ *
+ *  Interest must have SignatureInfo and contain a KeyLocator of Name type.
+ *  Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
+ */
+Name
+getKeyLocatorName(const Interest& interest, ValidationState& state);
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_POLICY_HPP
diff --git a/ndn-cxx/security/v2/validation-state.cpp b/ndn-cxx/security/validation-state.cpp
similarity index 95%
rename from ndn-cxx/security/v2/validation-state.cpp
rename to ndn-cxx/security/validation-state.cpp
index f6ee8d2..294d9fe 100644
--- a/ndn-cxx/security/v2/validation-state.cpp
+++ b/ndn-cxx/security/validation-state.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,16 +19,16 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validation-state.hpp"
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
+#include "ndn-cxx/security/validator.hpp"
 #include "ndn-cxx/security/verification-helpers.hpp"
 #include "ndn-cxx/util/logger.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
-NDN_LOG_INIT(ndn.security.v2.ValidationState);
+NDN_LOG_INIT(ndn.security.ValidationState);
 
 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(this->getDepth() + 1, '>') << " " << x)
 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(this->getDepth() + 1, '>') << " " << x)
@@ -203,6 +203,6 @@
   return m_interest;
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/v2/validation-state.hpp b/ndn-cxx/security/validation-state.hpp
similarity index 95%
rename from ndn-cxx/security/v2/validation-state.hpp
rename to ndn-cxx/security/validation-state.hpp
index 4ebf31c..dffdc08 100644
--- a/ndn-cxx/security/v2/validation-state.hpp
+++ b/ndn-cxx/security/validation-state.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,12 +19,12 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATION_STATE_HPP
-#define NDN_SECURITY_V2_VALIDATION_STATE_HPP
+#ifndef NDN_SECURITY_VALIDATION_STATE_HPP
+#define NDN_SECURITY_VALIDATION_STATE_HPP
 
 #include "ndn-cxx/detail/tag-host.hpp"
-#include "ndn-cxx/security/v2/validation-callback.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/validation-callback.hpp"
+#include "ndn-cxx/security/certificate.hpp"
 #include "ndn-cxx/util/signal.hpp"
 
 #include <list>
@@ -33,7 +33,7 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 class Validator;
 
@@ -247,8 +247,8 @@
   InterestValidationFailureCallback m_failureCb;
 };
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_VALIDATION_STATE_HPP
+#endif // NDN_SECURITY_VALIDATION_STATE_HPP
diff --git a/ndn-cxx/security/validator-config.cpp b/ndn-cxx/security/validator-config.cpp
index 25e46eb..d8c3219 100644
--- a/ndn-cxx/security/validator-config.cpp
+++ b/ndn-cxx/security/validator-config.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -20,21 +20,21 @@
  */
 
 #include "ndn-cxx/security/validator-config.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
 
 namespace ndn {
 namespace security {
 
-ValidatorConfig::ValidatorConfig(std::unique_ptr<v2::CertificateFetcher> fetcher, const Options& options)
-  : v2::Validator(make_unique<v2::ValidationPolicyCommandInterest>(make_unique<v2::ValidationPolicyConfig>(),
-                                                                   options),
-                  std::move(fetcher))
-  , m_policyConfig(static_cast<v2::ValidationPolicyConfig&>(getPolicy().getInnerPolicy()))
+ValidatorConfig::ValidatorConfig(std::unique_ptr<CertificateFetcher> fetcher, const Options& options)
+  : Validator(make_unique<ValidationPolicyCommandInterest>(make_unique<ValidationPolicyConfig>(),
+                                                           options),
+              std::move(fetcher))
+  , m_policyConfig(static_cast<ValidationPolicyConfig&>(getPolicy().getInnerPolicy()))
 {
 }
 
 ValidatorConfig::ValidatorConfig(Face& face, const Options& options)
-  : ValidatorConfig(make_unique<v2::CertificateFetcherFromNetwork>(face), options)
+  : ValidatorConfig(make_unique<CertificateFetcherFromNetwork>(face), options)
 {
 }
 
@@ -57,7 +57,7 @@
 }
 
 void
-ValidatorConfig::load(const v2::validator_config::ConfigSection& configSection,
+ValidatorConfig::load(const validator_config::ConfigSection& configSection,
                       const std::string& filename)
 {
   m_policyConfig.load(configSection, filename);
diff --git a/ndn-cxx/security/validator-config.hpp b/ndn-cxx/security/validator-config.hpp
index c3d1586..3583349 100644
--- a/ndn-cxx/security/validator-config.hpp
+++ b/ndn-cxx/security/validator-config.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,9 +22,9 @@
 #ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP
 #define NDN_SECURITY_VALIDATOR_CONFIG_HPP
 
-#include "ndn-cxx/security/v2/validator.hpp"
-#include "ndn-cxx/security/v2/validation-policy-command-interest.hpp"
-#include "ndn-cxx/security/v2/validation-policy-config.hpp"
+#include "ndn-cxx/security/validator.hpp"
+#include "ndn-cxx/security/validation-policy-command-interest.hpp"
+#include "ndn-cxx/security/validation-policy-config.hpp"
 
 namespace ndn {
 namespace security {
@@ -32,14 +32,14 @@
 /**
  * @brief Helper for validator that uses CommandInterest + Config policy and NetworkFetcher
  */
-class ValidatorConfig : public v2::Validator
+class ValidatorConfig : public Validator
 {
 public:
-  using v2::Validator::Validator;
-  using Options = v2::ValidationPolicyCommandInterest::Options;
+  using Validator::Validator;
+  using Options = ValidationPolicyCommandInterest::Options;
 
   explicit
-  ValidatorConfig(std::unique_ptr<v2::CertificateFetcher> fetcher, const Options& options = Options());
+  ValidatorConfig(std::unique_ptr<CertificateFetcher> fetcher, const Options& options = Options());
 
   explicit
   ValidatorConfig(Face& face, const Options& options = Options());
@@ -55,11 +55,11 @@
   load(std::istream& input, const std::string& filename);
 
   void
-  load(const v2::validator_config::ConfigSection& configSection,
+  load(const validator_config::ConfigSection& configSection,
        const std::string& filename);
 
 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
-  v2::ValidationPolicyConfig& m_policyConfig;
+  ValidationPolicyConfig& m_policyConfig;
 };
 
 } // namespace security
diff --git a/ndn-cxx/security/v2/validator-config/checker.cpp b/ndn-cxx/security/validator-config/checker.cpp
similarity index 97%
rename from ndn-cxx/security/v2/validator-config/checker.cpp
rename to ndn-cxx/security/validator-config/checker.cpp
index db07441..d86bf4d 100644
--- a/ndn-cxx/security/v2/validator-config/checker.cpp
+++ b/ndn-cxx/security/validator-config/checker.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,8 +19,8 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validator-config/checker.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/validator-config/checker.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
 #include "ndn-cxx/security/verification-helpers.hpp"
 #include "ndn-cxx/security/pib/key.hpp"
 
@@ -28,7 +28,7 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 
 bool
@@ -321,6 +321,6 @@
 }
 
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/v2/validator-config/checker.hpp b/ndn-cxx/security/validator-config/checker.hpp
similarity index 90%
rename from ndn-cxx/security/v2/validator-config/checker.hpp
rename to ndn-cxx/security/validator-config/checker.hpp
index fb9a169..b698226 100644
--- a/ndn-cxx/security/v2/validator-config/checker.hpp
+++ b/ndn-cxx/security/validator-config/checker.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,17 +19,17 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATOR_CONFIG_CHECKER_HPP
-#define NDN_SECURITY_V2_VALIDATOR_CONFIG_CHECKER_HPP
+#ifndef NDN_SECURITY_VALIDATOR_CONFIG_CHECKER_HPP
+#define NDN_SECURITY_VALIDATOR_CONFIG_CHECKER_HPP
 
 #include "ndn-cxx/name.hpp"
-#include "ndn-cxx/security/v2/validator-config/common.hpp"
-#include "ndn-cxx/security/v2/validator-config/name-relation.hpp"
+#include "ndn-cxx/security/validator-config/common.hpp"
+#include "ndn-cxx/security/validator-config/name-relation.hpp"
 #include "ndn-cxx/util/regex.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 class ValidationState;
 
@@ -129,8 +129,8 @@
 };
 
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_VALIDATOR_CONFIG_CHECKER_HPP
+#endif // NDN_SECURITY_VALIDATOR_CONFIG_CHECKER_HPP
diff --git a/ndn-cxx/security/v2/validator-config/common.hpp b/ndn-cxx/security/validator-config/common.hpp
similarity index 84%
rename from ndn-cxx/security/v2/validator-config/common.hpp
rename to ndn-cxx/security/validator-config/common.hpp
index 21c690f..06aa516 100644
--- a/ndn-cxx/security/v2/validator-config/common.hpp
+++ b/ndn-cxx/security/validator-config/common.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -21,8 +21,8 @@
  * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATOR_CONFIG_COMMON_HPP
-#define NDN_SECURITY_V2_VALIDATOR_CONFIG_COMMON_HPP
+#ifndef NDN_SECURITY_VALIDATOR_CONFIG_COMMON_HPP
+#define NDN_SECURITY_VALIDATOR_CONFIG_COMMON_HPP
 
 #include "ndn-cxx/detail/common.hpp"
 
@@ -30,7 +30,7 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 
 typedef boost::property_tree::ptree ConfigSection;
@@ -42,8 +42,8 @@
 };
 
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_VALIDATOR_CONFIG_COMMON_HPP
+#endif // NDN_SECURITY_VALIDATOR_CONFIG_COMMON_HPP
diff --git a/ndn-cxx/security/v2/validator-config/filter.cpp b/ndn-cxx/security/validator-config/filter.cpp
similarity index 95%
rename from ndn-cxx/security/v2/validator-config/filter.cpp
rename to ndn-cxx/security/validator-config/filter.cpp
index 8fa8b2e..e0cc0ee 100644
--- a/ndn-cxx/security/v2/validator-config/filter.cpp
+++ b/ndn-cxx/security/validator-config/filter.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,7 +19,7 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validator-config/filter.hpp"
+#include "ndn-cxx/security/validator-config/filter.hpp"
 
 #include "ndn-cxx/data.hpp"
 #include "ndn-cxx/interest.hpp"
@@ -30,7 +30,7 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 
 bool
@@ -142,6 +142,6 @@
 }
 
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/v2/validator-config/filter.hpp b/ndn-cxx/security/validator-config/filter.hpp
similarity index 89%
rename from ndn-cxx/security/v2/validator-config/filter.hpp
rename to ndn-cxx/security/validator-config/filter.hpp
index f5af85e..a199362 100644
--- a/ndn-cxx/security/v2/validator-config/filter.hpp
+++ b/ndn-cxx/security/validator-config/filter.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,18 +19,18 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATOR_CONFIG_FILTER_HPP
-#define NDN_SECURITY_V2_VALIDATOR_CONFIG_FILTER_HPP
+#ifndef NDN_SECURITY_VALIDATOR_CONFIG_FILTER_HPP
+#define NDN_SECURITY_VALIDATOR_CONFIG_FILTER_HPP
 
 #include "ndn-cxx/data.hpp"
 #include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/v2/validator-config/common.hpp"
-#include "ndn-cxx/security/v2/validator-config/name-relation.hpp"
+#include "ndn-cxx/security/validator-config/common.hpp"
+#include "ndn-cxx/security/validator-config/name-relation.hpp"
 #include "ndn-cxx/util/regex.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 
 /**
@@ -135,8 +135,8 @@
 };
 
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_VALIDATOR_CONFIG_FILTER_HPP
+#endif // NDN_SECURITY_VALIDATOR_CONFIG_FILTER_HPP
diff --git a/ndn-cxx/security/v2/validator-config/name-relation.cpp b/ndn-cxx/security/validator-config/name-relation.cpp
similarity index 95%
rename from ndn-cxx/security/v2/validator-config/name-relation.cpp
rename to ndn-cxx/security/validator-config/name-relation.cpp
index 0f27aa9..05804d1 100644
--- a/ndn-cxx/security/v2/validator-config/name-relation.cpp
+++ b/ndn-cxx/security/validator-config/name-relation.cpp
@@ -19,13 +19,13 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validator-config/name-relation.hpp"
+#include "ndn-cxx/security/validator-config/name-relation.hpp"
 
 #include <boost/algorithm/string/predicate.hpp>
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 
 std::ostream&
@@ -74,6 +74,6 @@
 }
 
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/v2/validator-config/name-relation.hpp b/ndn-cxx/security/validator-config/name-relation.hpp
similarity index 82%
rename from ndn-cxx/security/v2/validator-config/name-relation.hpp
rename to ndn-cxx/security/validator-config/name-relation.hpp
index aa236df..098e5ae 100644
--- a/ndn-cxx/security/v2/validator-config/name-relation.hpp
+++ b/ndn-cxx/security/validator-config/name-relation.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,15 +19,15 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATOR_CONFIG_NAME_RELATION_HPP
-#define NDN_SECURITY_V2_VALIDATOR_CONFIG_NAME_RELATION_HPP
+#ifndef NDN_SECURITY_VALIDATOR_CONFIG_NAME_RELATION_HPP
+#define NDN_SECURITY_VALIDATOR_CONFIG_NAME_RELATION_HPP
 
 #include "ndn-cxx/name.hpp"
-#include "ndn-cxx/security/v2/validator-config/common.hpp"
+#include "ndn-cxx/security/validator-config/common.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 
 enum class NameRelation {
@@ -53,8 +53,8 @@
 getNameRelationFromString(const std::string& relationString);
 
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_VALIDATOR_CONFIG_NAME_RELATION_HPP
+#endif // NDN_SECURITY_VALIDATOR_CONFIG_NAME_RELATION_HPP
diff --git a/ndn-cxx/security/v2/validator-config/rule.cpp b/ndn-cxx/security/validator-config/rule.cpp
similarity index 96%
rename from ndn-cxx/security/v2/validator-config/rule.cpp
rename to ndn-cxx/security/validator-config/rule.cpp
index f0a5249..91807d9 100644
--- a/ndn-cxx/security/v2/validator-config/rule.cpp
+++ b/ndn-cxx/security/validator-config/rule.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,7 +19,7 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validator-config/rule.hpp"
+#include "ndn-cxx/security/validator-config/rule.hpp"
 #include "ndn-cxx/util/logger.hpp"
 
 #include <boost/algorithm/string/predicate.hpp>
@@ -28,7 +28,7 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 
 Rule::Rule(const std::string& id, uint32_t pktType)
@@ -164,6 +164,6 @@
 }
 
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/v2/validator-config/rule.hpp b/ndn-cxx/security/validator-config/rule.hpp
similarity index 89%
rename from ndn-cxx/security/v2/validator-config/rule.hpp
rename to ndn-cxx/security/validator-config/rule.hpp
index 53dc81c..9d43c59 100644
--- a/ndn-cxx/security/v2/validator-config/rule.hpp
+++ b/ndn-cxx/security/validator-config/rule.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,15 +19,15 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_V2_VALIDATOR_CONFIG_RULE_HPP
-#define NDN_SECURITY_V2_VALIDATOR_CONFIG_RULE_HPP
+#ifndef NDN_SECURITY_VALIDATOR_CONFIG_RULE_HPP
+#define NDN_SECURITY_VALIDATOR_CONFIG_RULE_HPP
 
-#include "ndn-cxx/security/v2/validator-config/checker.hpp"
-#include "ndn-cxx/security/v2/validator-config/filter.hpp"
+#include "ndn-cxx/security/validator-config/checker.hpp"
+#include "ndn-cxx/security/validator-config/filter.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 class ValidationState;
 
@@ -106,8 +106,8 @@
 };
 
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_V2_VALIDATOR_CONFIG_RULE_HPP
+#endif // NDN_SECURITY_VALIDATOR_CONFIG_RULE_HPP
diff --git a/ndn-cxx/security/validator-null.cpp b/ndn-cxx/security/validator-null.cpp
index 4299d82..35c66cf 100644
--- a/ndn-cxx/security/validator-null.cpp
+++ b/ndn-cxx/security/validator-null.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -20,25 +20,25 @@
  */
 
 #include "ndn-cxx/security/validator-null.hpp"
-#include "ndn-cxx/security/v2/validation-policy-accept-all.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
+#include "ndn-cxx/security/validation-policy-accept-all.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 ValidatorNull::ValidatorNull()
   : Validator(make_unique<ValidationPolicyAcceptAll>(), make_unique<CertificateFetcherOffline>())
 {
 }
 
-security::v2::Validator&
+Validator&
 getAcceptAllValidator()
 {
-  static security::ValidatorNull validator;
+  static ValidatorNull validator;
   return validator;
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/validator-null.hpp b/ndn-cxx/security/validator-null.hpp
index 7ed55e8..c1517cf 100644
--- a/ndn-cxx/security/validator-null.hpp
+++ b/ndn-cxx/security/validator-null.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,11 +22,11 @@
 #ifndef NDN_SECURITY_VALIDATOR_NULL_HPP
 #define NDN_SECURITY_VALIDATOR_NULL_HPP
 
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validator.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
 /**
  * @brief Validator with "accept-all" policy and offline certificate fetcher
@@ -37,14 +37,10 @@
   ValidatorNull();
 };
 
-security::v2::Validator&
+Validator&
 getAcceptAllValidator();
 
-} // namespace v2
-
-using v2::ValidatorNull;
-using v2::getAcceptAllValidator;
-
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
diff --git a/ndn-cxx/security/v2/validator.cpp b/ndn-cxx/security/validator.cpp
similarity index 96%
rename from ndn-cxx/security/v2/validator.cpp
rename to ndn-cxx/security/validator.cpp
index 1219f4c..2372352 100644
--- a/ndn-cxx/security/v2/validator.cpp
+++ b/ndn-cxx/security/validator.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,7 +19,7 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validator.hpp"
 
 #include "ndn-cxx/face.hpp"
 #include "ndn-cxx/security/transform/public-key.hpp"
@@ -27,9 +27,9 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 
-NDN_LOG_INIT(ndn.security.v2.Validator);
+NDN_LOG_INIT(ndn.security.Validator);
 
 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x)
@@ -212,6 +212,6 @@
   CertificateStorage::resetVerifiedCerts();
 }
 
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/ndn-cxx/security/validator.hpp b/ndn-cxx/security/validator.hpp
new file mode 100644
index 0000000..214eda7
--- /dev/null
+++ b/ndn-cxx/security/validator.hpp
@@ -0,0 +1,189 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATOR_HPP
+#define NDN_SECURITY_VALIDATOR_HPP
+
+#include "ndn-cxx/security/certificate-fetcher.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/certificate-storage.hpp"
+#include "ndn-cxx/security/validation-callback.hpp"
+#include "ndn-cxx/security/validation-policy.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
+
+namespace ndn {
+
+class Face;
+
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Interface for validating data and interest packets.
+ *
+ * Every time a validation process initiated, it creates a ValidationState that exist until
+ * validation finishes with either success or failure.  This state serves several purposes:
+ * - record Interest or Data packet being validated
+ * - record failure callback
+ * - record certificates in the certification chain for the Interest or Data packet being validated
+ * - record names of the requested certificates to detect loops in the certificate chain
+ * - keep track of the validation chain size (aka validation "depth")
+ *
+ * During validation, policy and/or key fetcher can augment validation state with policy- and
+ * fetcher-specific information using ndn::Tag's.
+ *
+ * A validator has a trust anchor cache to save static and dynamic trust anchors, a verified
+ * certificate cache for saving certificates that are already verified and an unverified
+ * certificate cache for saving prefetched but not yet verified certificates.
+ *
+ * @todo Limit the maximum time the validation process is allowed to run before declaring failure
+ * @todo Ability to customize maximum lifetime for trusted and untrusted certificate caches.
+ *       Current implementation hard-codes them to be 1 hour and 5 minutes.
+ */
+class Validator : public CertificateStorage
+{
+public:
+  /**
+   * @brief Validator constructor.
+   *
+   * @param policy      Validation policy to be associated with the validator
+   * @param certFetcher Certificate fetcher implementation.
+   */
+  Validator(unique_ptr<ValidationPolicy> policy, unique_ptr<CertificateFetcher> certFetcher);
+
+  ~Validator();
+
+  ValidationPolicy&
+  getPolicy();
+
+  CertificateFetcher&
+  getFetcher();
+
+  /**
+   * @brief Set the maximum depth of the certificate chain
+   */
+  void
+  setMaxDepth(size_t depth);
+
+  /**
+   * @return The maximum depth of the certificate chain
+   */
+  size_t
+  getMaxDepth() const;
+
+  /**
+   * @brief Asynchronously validate @p data
+   *
+   * @note @p successCb and @p failureCb must not be nullptr
+   */
+  void
+  validate(const Data& data,
+           const DataValidationSuccessCallback& successCb,
+           const DataValidationFailureCallback& failureCb);
+
+  /**
+   * @brief Asynchronously validate @p interest
+   *
+   * @note @p successCb and @p failureCb must not be nullptr
+   */
+  void
+  validate(const Interest& interest,
+           const InterestValidationSuccessCallback& successCb,
+           const InterestValidationFailureCallback& failureCb);
+
+public: // anchor management
+  /**
+   * @brief load static trust anchor.
+   *
+   * Static trust anchors are permanently associated with the validator and never expire.
+   *
+   * @param groupId  Certificate group id.
+   * @param cert     Certificate to load as a trust anchor.
+   */
+  void
+  loadAnchor(const std::string& groupId, Certificate&& cert);
+
+  /**
+   * @brief load dynamic trust anchors.
+   *
+   * Dynamic trust anchors are associated with the validator for as long as the underlying
+   * trust anchor file (set of files) exist(s).
+   *
+   * @param groupId          Certificate group id, must not be empty.
+   * @param certfilePath     Specifies the path to load the trust anchors.
+   * @param refreshPeriod    Refresh period for the trust anchors, must be positive.
+   * @param isDir            Tells whether the path is a directory or a single file.
+   */
+  void
+  loadAnchor(const std::string& groupId, const std::string& certfilePath,
+             time::nanoseconds refreshPeriod, bool isDir = false);
+
+  /**
+   * @brief remove any previously loaded static or dynamic trust anchor
+   */
+  void
+  resetAnchors();
+
+  /**
+   * @brief Cache verified @p cert a period of time (1 hour)
+   *
+   * @todo Add ability to customize time period
+   */
+  void
+  cacheVerifiedCertificate(Certificate&& cert);
+
+  /**
+   * @brief Remove any cached verified certificates
+   */
+  void
+  resetVerifiedCertificates();
+
+private: // Common validator operations
+  /**
+   * @brief Recursive validation of the certificate in the certification chain
+   *
+   * @param cert   The certificate to check.
+   * @param state  The current validation state.
+   */
+  void
+  validate(const Certificate& cert, const shared_ptr<ValidationState>& state);
+
+  /**
+   * @brief Request certificate for further validation.
+   *
+   * @param certRequest  Certificate request.
+   * @param state        The current validation state.
+   */
+  void
+  requestCertificate(const shared_ptr<CertificateRequest>& certRequest,
+                     const shared_ptr<ValidationState>& state);
+
+private:
+  unique_ptr<ValidationPolicy> m_policy;
+  unique_ptr<CertificateFetcher> m_certFetcher;
+  size_t m_maxDepth;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATOR_HPP
diff --git a/ndn-cxx/security/verification-helpers.cpp b/ndn-cxx/security/verification-helpers.cpp
index cb79ac9..0477e4e 100644
--- a/ndn-cxx/security/verification-helpers.cpp
+++ b/ndn-cxx/security/verification-helpers.cpp
@@ -22,8 +22,9 @@
 #include "ndn-cxx/security/verification-helpers.hpp"
 
 #include "ndn-cxx/data.hpp"
-#include "ndn-cxx/interest.hpp"
 #include "ndn-cxx/encoding/buffer-stream.hpp"
+#include "ndn-cxx/interest.hpp"
+#include "ndn-cxx/security/certificate.hpp"
 #include "ndn-cxx/security/impl/openssl.hpp"
 #include "ndn-cxx/security/pib/key.hpp"
 #include "ndn-cxx/security/tpm/key-handle.hpp"
@@ -34,7 +35,6 @@
 #include "ndn-cxx/security/transform/public-key.hpp"
 #include "ndn-cxx/security/transform/stream-sink.hpp"
 #include "ndn-cxx/security/transform/verifier-filter.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
 
 namespace ndn {
 namespace security {
diff --git a/ndn-cxx/security/verification-helpers.hpp b/ndn-cxx/security/verification-helpers.hpp
index 3399821..2f9178a 100644
--- a/ndn-cxx/security/verification-helpers.hpp
+++ b/ndn-cxx/security/verification-helpers.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -44,9 +44,9 @@
 class PublicKey;
 } // namespace transform
 
-namespace v2 {
+inline namespace v2 {
 class Certificate;
-} // namespace v2
+} // inline namespace v2
 
 /**
  * @brief Verify @p blob using @p key against @p sig.
diff --git a/ndn-cxx/util/notification-stream.hpp b/ndn-cxx/util/notification-stream.hpp
index 4dc5862..3c10c74 100644
--- a/ndn-cxx/util/notification-stream.hpp
+++ b/ndn-cxx/util/notification-stream.hpp
@@ -1,12 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2014-2018 Regents of the University of California,
- *                         Arizona Board of Regents,
- *                         Colorado State University,
- *                         University Pierre & Marie Curie, Sorbonne University,
- *                         Washington University in St. Louis,
- *                         Beijing Institute of Technology,
- *                         The University of Memphis.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -30,7 +24,7 @@
 
 #include "ndn-cxx/face.hpp"
 #include "ndn-cxx/name.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
 #include "ndn-cxx/util/concepts.hpp"
 
 namespace ndn {
diff --git a/ndn-cxx/util/segment-fetcher.hpp b/ndn-cxx/util/segment-fetcher.hpp
index 30879d6..a35d69b 100644
--- a/ndn-cxx/util/segment-fetcher.hpp
+++ b/ndn-cxx/util/segment-fetcher.hpp
@@ -1,8 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2020 Regents of the University of California,
- *                         Colorado State University,
- *                         University Pierre & Marie Curie, Sorbonne University.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -25,7 +23,7 @@
 #define NDN_UTIL_SEGMENT_FETCHER_HPP
 
 #include "ndn-cxx/face.hpp"
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validator.hpp"
 #include "ndn-cxx/util/rtt-estimator.hpp"
 #include "ndn-cxx/util/scheduler.hpp"
 #include "ndn-cxx/util/signal.hpp"
diff --git a/tests/identity-management-fixture.cpp b/tests/identity-management-fixture.cpp
index 3877a23..0c95567 100644
--- a/tests/identity-management-fixture.cpp
+++ b/tests/identity-management-fixture.cpp
@@ -21,7 +21,7 @@
 
 #include "tests/identity-management-fixture.hpp"
 
-#include "ndn-cxx/security/v2/additional-description.hpp"
+#include "ndn-cxx/security/additional-description.hpp"
 #include "ndn-cxx/util/io.hpp"
 
 #include <boost/filesystem.hpp>
diff --git a/tests/identity-management-fixture.hpp b/tests/identity-management-fixture.hpp
index ba42ca3..7c0ffbd 100644
--- a/tests/identity-management-fixture.hpp
+++ b/tests/identity-management-fixture.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,7 +22,7 @@
 #ifndef NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
 #define NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
 
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
 #include "ndn-cxx/security/signing-helpers.hpp"
 
 #include "tests/test-home-fixture.hpp"
diff --git a/tests/test-home-fixture.hpp b/tests/test-home-fixture.hpp
index 63d5d88..68ffd50 100644
--- a/tests/test-home-fixture.hpp
+++ b/tests/test-home-fixture.hpp
@@ -22,7 +22,7 @@
 #ifndef NDN_TESTS_TEST_HOME_FIXTURE_HPP
 #define NDN_TESTS_TEST_HOME_FIXTURE_HPP
 
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
 
 #include <cstdlib>
 #include <fstream>
@@ -76,8 +76,8 @@
     }
 
     boost::filesystem::remove_all(m_pibDir);
-    const_cast<std::string&>(security::v2::KeyChain::getDefaultPibLocator()).clear();
-    const_cast<std::string&>(security::v2::KeyChain::getDefaultTpmLocator()).clear();
+    const_cast<std::string&>(KeyChain::getDefaultPibLocator()).clear();
+    const_cast<std::string&>(KeyChain::getDefaultTpmLocator()).clear();
   }
 
 protected:
diff --git a/tests/tests-pch.hpp b/tests/tests-pch.hpp
index a81f7bf..f60e472 100644
--- a/tests/tests-pch.hpp
+++ b/tests/tests-pch.hpp
@@ -27,7 +27,7 @@
 #include "ndn-cxx/data.hpp"
 #include "ndn-cxx/interest.hpp"
 #include "ndn-cxx/lp/nack.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
 
 #include "tests/boost-test.hpp"
 
diff --git a/tests/unit/dummy-validator.hpp b/tests/unit/dummy-validator.hpp
index aab9114..bb05167 100644
--- a/tests/unit/dummy-validator.hpp
+++ b/tests/unit/dummy-validator.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,9 +22,9 @@
 #ifndef NDN_TESTS_UNIT_DUMMY_VALIDATOR_HPP
 #define NDN_TESTS_UNIT_DUMMY_VALIDATOR_HPP
 
-#include "ndn-cxx/security/v2/validator.hpp"
-#include "ndn-cxx/security/v2/validation-policy.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
+#include "ndn-cxx/security/validator.hpp"
+#include "ndn-cxx/security/validation-policy.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
 
 namespace ndn {
 namespace tests {
diff --git a/tests/unit/mgmt/nfd/controller-fixture.hpp b/tests/unit/mgmt/nfd/controller-fixture.hpp
index bc42e20..c210fcf 100644
--- a/tests/unit/mgmt/nfd/controller-fixture.hpp
+++ b/tests/unit/mgmt/nfd/controller-fixture.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,7 +23,7 @@
 #define NDN_TESTS_UNIT_MGMT_NFD_CONTROLLER_FIXTURE_HPP
 
 #include "ndn-cxx/mgmt/nfd/controller.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
 #include "ndn-cxx/util/dummy-client-face.hpp"
 
 #include "tests/unit/dummy-validator.hpp"
diff --git a/tests/unit/security/v2/additional-description.t.cpp b/tests/unit/security/additional-description.t.cpp
similarity index 96%
rename from tests/unit/security/v2/additional-description.t.cpp
rename to tests/unit/security/additional-description.t.cpp
index 86a3a90..657870f 100644
--- a/tests/unit/security/v2/additional-description.t.cpp
+++ b/tests/unit/security/additional-description.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,7 +19,7 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/additional-description.hpp"
+#include "ndn-cxx/security/additional-description.hpp"
 
 #include "tests/boost-test.hpp"
 
diff --git a/tests/unit/security/v2/certificate-bundle-fetcher.t.cpp b/tests/unit/security/certificate-bundle-fetcher.t.cpp
similarity index 91%
rename from tests/unit/security/v2/certificate-bundle-fetcher.t.cpp
rename to tests/unit/security/certificate-bundle-fetcher.t.cpp
index cd96300..5c05148 100644
--- a/tests/unit/security/v2/certificate-bundle-fetcher.t.cpp
+++ b/tests/unit/security/certificate-bundle-fetcher.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,23 +19,22 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-bundle-fetcher.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/certificate-bundle-fetcher.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
 #include "ndn-cxx/util/regex/regex-pattern-list-matcher.hpp"
 #include "ndn-cxx/lp/nack.hpp"
 
 #include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_AUTO_TEST_SUITE(TestCertificateBundleFetcher)
 
 class CertificateBundleFetcherWrapper : public CertificateBundleFetcher
@@ -69,9 +68,9 @@
 {
 public:
   CertificateBundleFetcherFixture()
-    : data("/Security/V2/ValidatorFixture/Sub1/Sub3/Data")
+    : data("/Security/ValidatorFixture/Sub1/Sub3/Data")
   {
-    subSubIdentity = addSubCertificate("/Security/V2/ValidatorFixture/Sub1/Sub3", subIdentity);
+    subSubIdentity = addSubCertificate("/Security/ValidatorFixture/Sub1/Sub3", subIdentity);
     cache.insert(subSubIdentity.getDefaultKey().getDefaultCertificate());
 
     m_keyChain.sign(data, signingByIdentity(subSubIdentity));
@@ -182,10 +181,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestCertificateBundleFetcher
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/certificate-cache.t.cpp b/tests/unit/security/certificate-cache.t.cpp
similarity index 92%
rename from tests/unit/security/v2/certificate-cache.t.cpp
rename to tests/unit/security/certificate-cache.t.cpp
index 8062c18..65614ac 100644
--- a/tests/unit/security/v2/certificate-cache.t.cpp
+++ b/tests/unit/security/certificate-cache.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,18 +19,17 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-cache.hpp"
+#include "ndn-cxx/security/certificate-cache.hpp"
 
 #include "tests/boost-test.hpp"
 #include "tests/unit/identity-management-time-fixture.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 
 class CertificateCacheFixture : public ndn::tests::IdentityManagementTimeFixture
 {
@@ -84,10 +83,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestCertificateCache
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/certificate-fetcher-direct-fetch.t.cpp b/tests/unit/security/certificate-fetcher-direct-fetch.t.cpp
similarity index 93%
rename from tests/unit/security/v2/certificate-fetcher-direct-fetch.t.cpp
rename to tests/unit/security/certificate-fetcher-direct-fetch.t.cpp
index 7e513c6..9f8c24f 100644
--- a/tests/unit/security/v2/certificate-fetcher-direct-fetch.t.cpp
+++ b/tests/unit/security/certificate-fetcher-direct-fetch.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,26 +19,25 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/certificate-fetcher-direct-fetch.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
 #include "ndn-cxx/lp/nack.hpp"
 #include "ndn-cxx/lp/tags.hpp"
 
 #include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
 
 #include <boost/range/adaptor/sliced.hpp>
 #include <boost/range/adaptor/strided.hpp>
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_AUTO_TEST_SUITE(TestCertificateFetcherDirectFetch)
 
 class Cert
@@ -66,11 +65,11 @@
 
 public:
   CertificateFetcherDirectFetchFixture()
-    : data("/Security/V2/ValidatorFixture/Sub1/Sub3/Data")
-    , interest("/Security/V2/ValidatorFixture/Sub1/Sub3/Interest")
-    , interestNoTag("/Security/V2/ValidatorFixture/Sub1/Sub3/Interest2")
+    : data("/Security/ValidatorFixture/Sub1/Sub3/Data")
+    , interest("/Security/ValidatorFixture/Sub1/Sub3/Interest")
+    , interestNoTag("/Security/ValidatorFixture/Sub1/Sub3/Interest2")
   {
-    Identity subSubIdentity = addSubCertificate("/Security/V2/ValidatorFixture/Sub1/Sub3", subIdentity);
+    Identity subSubIdentity = addSubCertificate("/Security/ValidatorFixture/Sub1/Sub3", subIdentity);
     cache.insert(subSubIdentity.getDefaultKey().getDefaultCertificate());
 
     m_keyChain.sign(data, signingByIdentity(subSubIdentity));
@@ -258,10 +257,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestCertificateFetcherDirectFetch
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/certificate-fetcher-from-network.t.cpp b/tests/unit/security/certificate-fetcher-from-network.t.cpp
similarity index 86%
rename from tests/unit/security/v2/certificate-fetcher-from-network.t.cpp
rename to tests/unit/security/certificate-fetcher-from-network.t.cpp
index a7b1388..56677b7 100644
--- a/tests/unit/security/v2/certificate-fetcher-from-network.t.cpp
+++ b/tests/unit/security/certificate-fetcher-from-network.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,22 +19,21 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
 #include "ndn-cxx/lp/nack.hpp"
 
 #include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_AUTO_TEST_SUITE(TestCertificateFetcherFromNetwork)
 
 class Cert
@@ -55,10 +54,10 @@
 {
 public:
   CertificateFetcherFromNetworkFixture()
-    : data("/Security/V2/ValidatorFixture/Sub1/Sub3/Data")
-    , interest("/Security/V2/ValidatorFixture/Sub1/Sub3/Interest")
+    : data("/Security/ValidatorFixture/Sub1/Sub3/Data")
+    , interest("/Security/ValidatorFixture/Sub1/Sub3/Interest")
   {
-    Identity subSubIdentity = addSubCertificate("/Security/V2/ValidatorFixture/Sub1/Sub3", subIdentity);
+    Identity subSubIdentity = addSubCertificate("/Security/ValidatorFixture/Sub1/Sub3", subIdentity);
     cache.insert(subSubIdentity.getDefaultKey().getDefaultCertificate());
 
     m_keyChain.sign(data, signingByIdentity(subSubIdentity));
@@ -131,10 +130,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestCertificateFetcherFromNetwork
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/certificate-fetcher-offline.t.cpp b/tests/unit/security/certificate-fetcher-offline.t.cpp
similarity index 84%
rename from tests/unit/security/v2/certificate-fetcher-offline.t.cpp
rename to tests/unit/security/certificate-fetcher-offline.t.cpp
index bdf61c6..0a11d24 100644
--- a/tests/unit/security/v2/certificate-fetcher-offline.t.cpp
+++ b/tests/unit/security/certificate-fetcher-offline.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,21 +19,20 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
 
 #include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 
 class CertificateFetcherOfflineWrapper : public CertificateFetcherOffline
 {
@@ -52,7 +51,7 @@
 
 BOOST_AUTO_TEST_CASE_TEMPLATE(Validate, Packet, Packets)
 {
-  Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Packet");
+  Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Packet");
 
   Packet packet = unsignedPacket;
   m_keyChain.sign(packet, signingByIdentity(subIdentity));
@@ -66,10 +65,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestCertificateFetcherOffline
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/certificate.t.cpp b/tests/unit/security/certificate.t.cpp
similarity index 98%
rename from tests/unit/security/v2/certificate.t.cpp
rename to tests/unit/security/certificate.t.cpp
index 91bb5c1..f645dbd 100644
--- a/tests/unit/security/v2/certificate.t.cpp
+++ b/tests/unit/security/certificate.t.cpp
@@ -21,7 +21,7 @@
  * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
  */
 
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
 
 #include "tests/boost-test.hpp"
 #include "tests/unit/unit-test-time-fixture.hpp"
@@ -30,13 +30,12 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_FIXTURE_TEST_SUITE(TestCertificate, UnitTestTimeFixture)
 
 const uint8_t PUBLIC_KEY[] = {
@@ -275,10 +274,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestCertificate
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/key-chain.t.cpp b/tests/unit/security/key-chain.t.cpp
similarity index 98%
rename from tests/unit/security/v2/key-chain.t.cpp
rename to tests/unit/security/key-chain.t.cpp
index 7f6abb0..6e85b75 100644
--- a/tests/unit/security/v2/key-chain.t.cpp
+++ b/tests/unit/security/key-chain.t.cpp
@@ -19,7 +19,7 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
 #include "ndn-cxx/security/signing-helpers.hpp"
 #include "ndn-cxx/security/verification-helpers.hpp"
 #include "ndn-cxx/security/transform/private-key.hpp"
@@ -30,13 +30,12 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_FIXTURE_TEST_SUITE(TestKeyChain, TestHomeEnvSaver)
 
 template<class Path>
@@ -466,7 +465,7 @@
 
 BOOST_FIXTURE_TEST_CASE(SelfSignedCertValidity, IdentityManagementFixture)
 {
-  Certificate cert = addIdentity("/Security/V2/TestKeyChain/SelfSignedCertValidity")
+  Certificate cert = addIdentity("/Security/TestKeyChain/SelfSignedCertValidity")
                        .getDefaultKey()
                        .getDefaultCertificate();
   BOOST_CHECK(cert.isValid());
@@ -475,10 +474,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestKeyChain
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/pib/pib-data-fixture.hpp b/tests/unit/security/pib/pib-data-fixture.hpp
index 21af850..66e65eb 100644
--- a/tests/unit/security/pib/pib-data-fixture.hpp
+++ b/tests/unit/security/pib/pib-data-fixture.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,7 +22,7 @@
 #ifndef NDN_TESTS_UNIT_SECURITY_PIB_DATA_FIXTURE_HPP
 #define NDN_TESTS_UNIT_SECURITY_PIB_DATA_FIXTURE_HPP
 
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
 
 namespace ndn {
 namespace security {
@@ -34,14 +34,14 @@
   PibDataFixture();
 
 public:
-  v2::Certificate id1Key1Cert1;
-  v2::Certificate id1Key1Cert2;
-  v2::Certificate id1Key2Cert1;
-  v2::Certificate id1Key2Cert2;
-  v2::Certificate id2Key1Cert1;
-  v2::Certificate id2Key1Cert2;
-  v2::Certificate id2Key2Cert1;
-  v2::Certificate id2Key2Cert2;
+  Certificate id1Key1Cert1;
+  Certificate id1Key1Cert2;
+  Certificate id1Key2Cert1;
+  Certificate id1Key2Cert2;
+  Certificate id2Key1Cert1;
+  Certificate id2Key1Cert2;
+  Certificate id2Key2Cert1;
+  Certificate id2Key2Cert2;
 
   Name id1;
   Name id2;
diff --git a/tests/unit/security/v2/trust-anchor-container.t.cpp b/tests/unit/security/trust-anchor-container.t.cpp
similarity index 96%
rename from tests/unit/security/v2/trust-anchor-container.t.cpp
rename to tests/unit/security/trust-anchor-container.t.cpp
index 8ed4cec..b25805f 100644
--- a/tests/unit/security/v2/trust-anchor-container.t.cpp
+++ b/tests/unit/security/trust-anchor-container.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,7 +19,7 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/trust-anchor-container.hpp"
+#include "ndn-cxx/security/trust-anchor-container.hpp"
 #include "ndn-cxx/util/io.hpp"
 
 #include "tests/boost-test.hpp"
@@ -29,13 +29,12 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 
 /**
  * This fixture creates a directory and prepares two certificates.
@@ -183,10 +182,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestTrustAnchorContainer
-BOOST_AUTO_TEST_SUITE_END() // Detail
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/validation-error.t.cpp b/tests/unit/security/validation-error.t.cpp
similarity index 90%
rename from tests/unit/security/v2/validation-error.t.cpp
rename to tests/unit/security/validation-error.t.cpp
index 21821ee..6ecb94f 100644
--- a/tests/unit/security/v2/validation-error.t.cpp
+++ b/tests/unit/security/validation-error.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,18 +19,17 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validation-error.hpp"
+#include "ndn-cxx/security/validation-error.hpp"
 
 #include "tests/boost-test.hpp"
 #include <boost/lexical_cast.hpp>
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_AUTO_TEST_SUITE(TestValidationError)
 
 BOOST_AUTO_TEST_CASE(Basic)
@@ -52,10 +51,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestValidationError
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/validation-policy-accept-all.t.cpp b/tests/unit/security/validation-policy-accept-all.t.cpp
similarity index 83%
rename from tests/unit/security/v2/validation-policy-accept-all.t.cpp
rename to tests/unit/security/validation-policy-accept-all.t.cpp
index 9d7d927..6a9f0f1 100644
--- a/tests/unit/security/v2/validation-policy-accept-all.t.cpp
+++ b/tests/unit/security/validation-policy-accept-all.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,29 +19,28 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validation-policy-accept-all.hpp"
+#include "ndn-cxx/security/validation-policy-accept-all.hpp"
 
 #include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
 
 #include <boost/mpl/vector.hpp>
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 
 class ValidationPolicyAcceptAllFixture : public ValidatorFixture<ValidationPolicyAcceptAll>
 {
 public:
   ValidationPolicyAcceptAllFixture()
   {
-    identity = addIdentity("/Security/V2/TestValidationPolicyAcceptAll");
+    identity = addIdentity("/Security/TestValidationPolicyAcceptAll");
     // don't add trust anchors
   }
 
@@ -55,7 +54,7 @@
 
 BOOST_AUTO_TEST_CASE_TEMPLATE(Validate, Packet, Packets)
 {
-  Packet unsignedPacket("/Security/V2/TestValidationPolicyAcceptAll/Sub/Packet");
+  Packet unsignedPacket("/Security/TestValidationPolicyAcceptAll/Sub/Packet");
 
   Packet packet = unsignedPacket;
   VALIDATE_SUCCESS(packet, "Should accept unsigned");
@@ -70,10 +69,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyAcceptAll
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/validation-policy-command-interest.t.cpp b/tests/unit/security/validation-policy-command-interest.t.cpp
similarity index 93%
rename from tests/unit/security/v2/validation-policy-command-interest.t.cpp
rename to tests/unit/security/validation-policy-command-interest.t.cpp
index a061a27..da6ced7 100644
--- a/tests/unit/security/v2/validation-policy-command-interest.t.cpp
+++ b/tests/unit/security/validation-policy-command-interest.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,28 +19,27 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validation-policy-command-interest.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
-#include "ndn-cxx/security/v2/validation-policy-accept-all.hpp"
+#include "ndn-cxx/security/validation-policy-command-interest.hpp"
 #include "ndn-cxx/security/command-interest-signer.hpp"
 #include "ndn-cxx/security/signing-helpers.hpp"
+#include "ndn-cxx/security/validation-policy-accept-all.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
 
 #include "tests/boost-test.hpp"
 #include "tests/make-interest-data.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
 
 #include <boost/lexical_cast.hpp>
 #include <boost/mpl/vector.hpp>
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 
 class DefaultOptions
 {
@@ -102,7 +101,7 @@
 
 BOOST_AUTO_TEST_CASE(DataPassthru)
 {
-  Data d1("/Security/V2/ValidatorFixture/Sub1");
+  Data d1("/Security/ValidatorFixture/Sub1");
   m_keyChain.sign(d1);
   VALIDATE_SUCCESS(d1, "Should succeed (fallback on inner validation policy for data)");
 }
@@ -324,13 +323,13 @@
 
 BOOST_FIXTURE_TEST_CASE(LimitedRecords, ValidationPolicyCommandInterestFixture<LimitedRecordsOptions>)
 {
-  Identity id1 = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub1", identity);
+  Identity id1 = this->addSubCertificate("/Security/ValidatorFixture/Sub1", identity);
   this->cache.insert(id1.getDefaultKey().getDefaultCertificate());
-  Identity id2 = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub2", identity);
+  Identity id2 = this->addSubCertificate("/Security/ValidatorFixture/Sub2", identity);
   this->cache.insert(id2.getDefaultKey().getDefaultCertificate());
-  Identity id3 = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub3", identity);
+  Identity id3 = this->addSubCertificate("/Security/ValidatorFixture/Sub3", identity);
   this->cache.insert(id3.getDefaultKey().getDefaultCertificate());
-  Identity id4 = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub4", identity);
+  Identity id4 = this->addSubCertificate("/Security/ValidatorFixture/Sub4", identity);
   this->cache.insert(id4.getDefaultKey().getDefaultCertificate());
 
   auto i1 = makeCommandInterest(id2);
@@ -377,7 +376,7 @@
 {
   std::vector<Identity> identities;
   for (int i = 0; i < 20; ++i) {
-    Identity id = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub" + to_string(i), identity);
+    Identity id = this->addSubCertificate("/Security/ValidatorFixture/Sub" + to_string(i), identity);
     this->cache.insert(id.getDefaultKey().getDefaultCertificate());
     identities.push_back(id);
   }
@@ -476,10 +475,9 @@
 BOOST_AUTO_TEST_SUITE_END() // Options
 
 BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyCommandInterest
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/validation-policy-config.t.cpp b/tests/unit/security/validation-policy-config.t.cpp
similarity index 95%
rename from tests/unit/security/v2/validation-policy-config.t.cpp
rename to tests/unit/security/validation-policy-config.t.cpp
index f7a4506..53f6778 100644
--- a/tests/unit/security/v2/validation-policy-config.t.cpp
+++ b/tests/unit/security/validation-policy-config.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,7 +19,7 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validation-policy-config.hpp"
+#include "ndn-cxx/security/validation-policy-config.hpp"
 #include "ndn-cxx/security/transform/base64-encode.hpp"
 #include "ndn-cxx/security/transform/buffer-source.hpp"
 #include "ndn-cxx/security/transform/stream-sink.hpp"
@@ -27,12 +27,12 @@
 #include "ndn-cxx/util/io.hpp"
 
 #include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-config/common.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-config/common.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 namespace tests {
 
@@ -40,7 +40,6 @@
 using namespace ndn::security::v2::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_AUTO_TEST_SUITE(TestValidationPolicyConfig)
 
 BOOST_FIXTURE_TEST_CASE(EmptyConfig, HierarchicalValidatorFixture<ValidationPolicyConfig>)
@@ -52,11 +51,11 @@
   BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 0);
   BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
 
-  Data d("/Security/V2/ValidationPolicyConfig/D");
+  Data d("/Security/ValidationPolicyConfig/D");
   this->m_keyChain.sign(d, signingByIdentity(this->identity));
   VALIDATE_FAILURE(d, "Empty policy should reject everything");
 
-  Interest i("/Security/V2/ValidationPolicyConfig/I");
+  Interest i("/Security/ValidationPolicyConfig/I");
   this->m_keyChain.sign(i, signingByIdentity(this->identity));
   VALIDATE_FAILURE(i, "Empty policy should reject everything");
 }
@@ -340,7 +339,7 @@
   BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
 
   using Packet = typename Policy::Packet;
-  Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
+  Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
 
   Packet packet = unsignedPacket;
   VALIDATE_FAILURE(packet, "Unsigned");
@@ -372,7 +371,7 @@
   BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 1);
 
   using Packet = typename Policy::Packet;
-  Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
+  Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
 
   Packet packet = unsignedPacket;
   VALIDATE_FAILURE(packet, "Unsigned");
@@ -474,7 +473,7 @@
   BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 0);
   BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
 
-  Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
+  Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
 
   Packet packet = unsignedPacket;
   VALIDATE_SUCCESS(packet, "Policy should accept everything");
@@ -510,7 +509,7 @@
 BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateRefresh, Refresh, RefreshPolicies, RefreshPolicyFixture<Refresh>)
 {
   using Packet = Data;
-  Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
+  Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
 
   boost::filesystem::remove(this->path / "keys" / "identity.ndncert");
   this->advanceClocks(Refresh::getRefreshTime(), 3);
@@ -548,11 +547,10 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyConfig
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/validation-policy-simple-hierarchy.t.cpp b/tests/unit/security/validation-policy-simple-hierarchy.t.cpp
similarity index 87%
rename from tests/unit/security/v2/validation-policy-simple-hierarchy.t.cpp
rename to tests/unit/security/validation-policy-simple-hierarchy.t.cpp
index 96f936e..9c8816a 100644
--- a/tests/unit/security/v2/validation-policy-simple-hierarchy.t.cpp
+++ b/tests/unit/security/validation-policy-simple-hierarchy.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,22 +19,21 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
 
 #include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
 
 #include <boost/mpl/vector.hpp>
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_FIXTURE_TEST_SUITE(TestValidationPolicySimpleHierarchy,
                          HierarchicalValidatorFixture<ValidationPolicySimpleHierarchy>)
 
@@ -42,7 +41,7 @@
 
 BOOST_AUTO_TEST_CASE_TEMPLATE(Validate, Packet, Packets)
 {
-  Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
+  Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
 
   Packet packet = unsignedPacket;
   VALIDATE_FAILURE(packet, "Unsigned");
@@ -71,10 +70,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestValidator
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/validator-config.t.cpp b/tests/unit/security/validator-config.t.cpp
index 06e66b0..b4654ac 100644
--- a/tests/unit/security/validator-config.t.cpp
+++ b/tests/unit/security/validator-config.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -20,13 +20,13 @@
  */
 
 #include "ndn-cxx/security/validator-config.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
 #include "ndn-cxx/security/command-interest-signer.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
 #include "ndn-cxx/util/dummy-client-face.hpp"
 
 #include "tests/boost-test.hpp"
 #include "tests/identity-management-fixture.hpp"
-#include "tests/unit/security/v2/validator-config/common.hpp"
+#include "tests/unit/security/validator-config/common.hpp"
 
 namespace ndn {
 namespace security {
diff --git a/tests/unit/security/v2/validator-config/checker.t.cpp b/tests/unit/security/validator-config/checker.t.cpp
similarity index 96%
rename from tests/unit/security/v2/validator-config/checker.t.cpp
rename to tests/unit/security/validator-config/checker.t.cpp
index 675ec23..a5fb205 100644
--- a/tests/unit/security/v2/validator-config/checker.t.cpp
+++ b/tests/unit/security/validator-config/checker.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,25 +19,24 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validator-config/checker.hpp"
+#include "ndn-cxx/security/validator-config/checker.hpp"
 #include "ndn-cxx/security/command-interest-signer.hpp"
-#include "ndn-cxx/security/v2/validation-policy.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/validation-policy.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
 
 #include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
-#include "tests/unit/security/v2/validator-config/common.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
+#include "tests/unit/security/validator-config/common.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_AUTO_TEST_SUITE(ValidatorConfig)
 
 class CheckerFixture : public IdentityManagementFixture
@@ -358,11 +357,10 @@
 
 BOOST_AUTO_TEST_SUITE_END() // TestChecker
 BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/validator-config/common.hpp b/tests/unit/security/validator-config/common.hpp
similarity index 90%
rename from tests/unit/security/v2/validator-config/common.hpp
rename to tests/unit/security/validator-config/common.hpp
index 1083eb5..de72e3f 100644
--- a/tests/unit/security/v2/validator-config/common.hpp
+++ b/tests/unit/security/validator-config/common.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,13 +22,13 @@
 #ifndef NDN_TESTS_SECURITY_V2_VALIDATOR_CONFIG_COMMON_HPP
 #define NDN_TESTS_SECURITY_V2_VALIDATOR_CONFIG_COMMON_HPP
 
-#include "ndn-cxx/security/v2/validator-config/common.hpp"
+#include "ndn-cxx/security/validator-config/common.hpp"
 
 #include <boost/property_tree/info_parser.hpp>
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 namespace tests {
 
@@ -43,7 +43,7 @@
 
 } // namespace tests
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
diff --git a/tests/unit/security/v2/validator-config/filter.t.cpp b/tests/unit/security/validator-config/filter.t.cpp
similarity index 95%
rename from tests/unit/security/v2/validator-config/filter.t.cpp
rename to tests/unit/security/validator-config/filter.t.cpp
index d02d745..2b3bf6d 100644
--- a/tests/unit/security/v2/validator-config/filter.t.cpp
+++ b/tests/unit/security/validator-config/filter.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,23 +19,22 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validator-config/filter.hpp"
+#include "ndn-cxx/security/validator-config/filter.hpp"
 #include "ndn-cxx/security/command-interest-signer.hpp"
 
 #include "tests/boost-test.hpp"
 #include "tests/identity-management-fixture.hpp"
-#include "tests/unit/security/v2/validator-config/common.hpp"
+#include "tests/unit/security/validator-config/common.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_AUTO_TEST_SUITE(ValidatorConfig)
 
 class FilterFixture : public IdentityManagementFixture
@@ -191,11 +190,10 @@
 
 BOOST_AUTO_TEST_SUITE_END() // TestFilter
 BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/validator-config/name-relation.t.cpp b/tests/unit/security/validator-config/name-relation.t.cpp
similarity index 92%
rename from tests/unit/security/v2/validator-config/name-relation.t.cpp
rename to tests/unit/security/validator-config/name-relation.t.cpp
index ff23348..8879212 100644
--- a/tests/unit/security/v2/validator-config/name-relation.t.cpp
+++ b/tests/unit/security/validator-config/name-relation.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,7 +19,7 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validator-config/name-relation.hpp"
+#include "ndn-cxx/security/validator-config/name-relation.hpp"
 
 #include "tests/boost-test.hpp"
 
@@ -27,12 +27,11 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 namespace tests {
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_AUTO_TEST_SUITE(ValidatorConfig)
 BOOST_AUTO_TEST_SUITE(TestNameRelation)
 
@@ -69,11 +68,10 @@
 
 BOOST_AUTO_TEST_SUITE_END() // TestNameRelation
 BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/validator-config/rule.t.cpp b/tests/unit/security/validator-config/rule.t.cpp
similarity index 94%
rename from tests/unit/security/v2/validator-config/rule.t.cpp
rename to tests/unit/security/validator-config/rule.t.cpp
index 558ffb4..dbc81bf 100644
--- a/tests/unit/security/v2/validator-config/rule.t.cpp
+++ b/tests/unit/security/validator-config/rule.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,17 +19,17 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validator-config/rule.hpp"
+#include "ndn-cxx/security/validator-config/rule.hpp"
 
 #include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
-#include "tests/unit/security/v2/validator-config/common.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
+#include "tests/unit/security/validator-config/common.hpp"
 
 #include <boost/mpl/vector_c.hpp>
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace validator_config {
 namespace tests {
 
@@ -37,7 +37,6 @@
 using namespace ndn::security::v2::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_AUTO_TEST_SUITE(ValidatorConfig)
 
 template<uint32_t PktType>
@@ -198,11 +197,10 @@
 
 BOOST_AUTO_TEST_SUITE_END() // TestRule
 BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
 } // namespace validator_config
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/v2/validator-fixture.hpp b/tests/unit/security/validator-fixture.hpp
similarity index 88%
rename from tests/unit/security/v2/validator-fixture.hpp
rename to tests/unit/security/validator-fixture.hpp
index e5079bc..276ac40 100644
--- a/tests/unit/security/v2/validator-fixture.hpp
+++ b/tests/unit/security/validator-fixture.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,11 +19,11 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_TESTS_UNIT_SECURITY_V2_VALIDATOR_FIXTURE_HPP
-#define NDN_TESTS_UNIT_SECURITY_V2_VALIDATOR_FIXTURE_HPP
+#ifndef NDN_TESTS_UNIT_SECURITY_VALIDATOR_FIXTURE_HPP
+#define NDN_TESTS_UNIT_SECURITY_VALIDATOR_FIXTURE_HPP
 
-#include "ndn-cxx/security/v2/validator.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
+#include "ndn-cxx/security/validator.hpp"
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
 #include "ndn-cxx/util/dummy-client-face.hpp"
 
 #include "tests/boost-test.hpp"
@@ -33,7 +33,7 @@
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 template<class ValidationPolicy, class CertificateFetcher = CertificateFetcherFromNetwork>
@@ -127,10 +127,10 @@
 public:
   HierarchicalValidatorFixture()
   {
-    identity = this->addIdentity("/Security/V2/ValidatorFixture");
-    subIdentity = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub1", identity);
-    subSelfSignedIdentity = this->addIdentity("/Security/V2/ValidatorFixture/Sub1/Sub2");
-    otherIdentity = this->addIdentity("/Security/V2/OtherIdentity");
+    identity = this->addIdentity("/Security/ValidatorFixture");
+    subIdentity = this->addSubCertificate("/Security/ValidatorFixture/Sub1", identity);
+    subSelfSignedIdentity = this->addIdentity("/Security/ValidatorFixture/Sub1/Sub2");
+    otherIdentity = this->addIdentity("/Security/OtherIdentity");
 
     this->validator.loadAnchor("", Certificate(identity.getDefaultKey().getDefaultCertificate()));
 
@@ -180,8 +180,8 @@
 };
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_TESTS_UNIT_SECURITY_V2_VALIDATOR_FIXTURE_HPP
+#endif // NDN_TESTS_UNIT_SECURITY_VALIDATOR_FIXTURE_HPP
diff --git a/tests/unit/security/v2/validator.t.cpp b/tests/unit/security/validator.t.cpp
similarity index 91%
rename from tests/unit/security/v2/validator.t.cpp
rename to tests/unit/security/validator.t.cpp
index b5a7e04..c87d348 100644
--- a/tests/unit/security/v2/validator.t.cpp
+++ b/tests/unit/security/validator.t.cpp
@@ -19,21 +19,20 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "ndn-cxx/security/v2/validator.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/validator.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
 
 #include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
 
 namespace ndn {
 namespace security {
-namespace v2 {
+inline namespace v2 {
 namespace tests {
 
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
 BOOST_FIXTURE_TEST_SUITE(TestValidator, HierarchicalValidatorFixture<ValidationPolicySimpleHierarchy>)
 
 BOOST_AUTO_TEST_CASE(ConstructorSetValidator)
@@ -53,7 +52,7 @@
 {
   processInterest = nullptr; // no response for all interests
 
-  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
   m_keyChain.sign(data, signingByIdentity(subIdentity));
 
   VALIDATE_FAILURE(data, "Should fail to retrieve certificate");
@@ -68,7 +67,7 @@
     face.receive(nack);
   };
 
-  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
   m_keyChain.sign(data, signingByIdentity(subIdentity));
 
   VALIDATE_FAILURE(data, "All interests should get NACKed");
@@ -94,7 +93,7 @@
     }
   };
 
-  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
   m_keyChain.sign(data, signingByIdentity(subIdentity));
 
   VALIDATE_FAILURE(data, "Signed by a malformed certificate");
@@ -120,7 +119,7 @@
     }
   };
 
-  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
   m_keyChain.sign(data, signingByIdentity(subIdentity));
 
   VALIDATE_FAILURE(data, "Signed by an expired certificate");
@@ -131,14 +130,14 @@
 {
   validator.resetAnchors();
 
-  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
   m_keyChain.sign(data, signingByIdentity(subIdentity));
   VALIDATE_FAILURE(data, "Should fail, as no anchors configured");
 }
 
 BOOST_AUTO_TEST_CASE(TrustedCertCaching)
 {
-  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
   m_keyChain.sign(data, signingByIdentity(subIdentity));
 
   VALIDATE_SUCCESS(data, "Should get accepted, as signed by the policy-compliant cert");
@@ -160,7 +159,7 @@
 
 BOOST_AUTO_TEST_CASE(ResetVerifiedCertificates)
 {
-  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
   m_keyChain.sign(data, signingByIdentity(subIdentity));
   VALIDATE_SUCCESS(data, "Should get accepted, as signed by the policy-compliant cert");
 
@@ -175,7 +174,7 @@
 
 BOOST_AUTO_TEST_CASE(UntrustedCertCaching)
 {
-  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
   m_keyChain.sign(data, signingByIdentity(subSelfSignedIdentity));
 
   VALIDATE_FAILURE(data, "Should fail, as signed by the policy-violating cert");
@@ -209,15 +208,15 @@
 BOOST_FIXTURE_TEST_CASE(ValidateInterestsButBypassForData,
                         HierarchicalValidatorFixture<ValidationPolicySimpleHierarchyForInterestOnly>)
 {
-  Interest interest("/Security/V2/ValidatorFixture/Sub1/Sub2/Interest");
-  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Interest");
+  Interest interest("/Security/ValidatorFixture/Sub1/Sub2/Interest");
+  Data data("/Security/ValidatorFixture/Sub1/Sub2/Interest");
 
   VALIDATE_FAILURE(interest, "Unsigned");
   VALIDATE_SUCCESS(data, "Policy requests validation bypassing for all data");
   BOOST_CHECK_EQUAL(face.sentInterests.size(), 0);
   face.sentInterests.clear();
 
-  interest = Interest("/Security/V2/ValidatorFixture/Sub1/Sub2/Interest");
+  interest = Interest("/Security/ValidatorFixture/Sub1/Sub2/Interest");
   m_keyChain.sign(interest, signingWithSha256());
   m_keyChain.sign(data, signingWithSha256());
   VALIDATE_FAILURE(interest, "Required KeyLocator/Name missing (not passed to policy)");
@@ -287,7 +286,7 @@
     face.receive(certificate);
   };
 
-  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
   m_keyChain.sign(data, signingByIdentity(subIdentity));
 
   validator.setMaxDepth(40);
@@ -335,10 +334,9 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestValidator
-BOOST_AUTO_TEST_SUITE_END() // V2
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
-} // namespace v2
+} // inline namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/verification-helpers.t.cpp b/tests/unit/security/verification-helpers.t.cpp
index c0c6b5a..dd5a832 100644
--- a/tests/unit/security/verification-helpers.t.cpp
+++ b/tests/unit/security/verification-helpers.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -466,7 +466,7 @@
   BOOST_CHECK(!verifySignature(unsignedInterest1, invalidKey, sizeof(invalidKey)));
 
   // - base version of verifySignature is tested transitively
-  // - pib::Key version is tested as part of v2/key-chain.t.cpp (Security/V2/TestKeyChain)
+  // - pib::Key version is tested as part of key-chain.t.cpp (Security/TestKeyChain)
 }
 
 BOOST_FIXTURE_TEST_CASE(VerifyHmac, IdentityManagementFixture)
diff --git a/tests/unit/unit-tests-pch.hpp b/tests/unit/unit-tests-pch.hpp
index 54e15f9..5f2ed67 100644
--- a/tests/unit/unit-tests-pch.hpp
+++ b/tests/unit/unit-tests-pch.hpp
@@ -27,7 +27,7 @@
 #include "ndn-cxx/face.hpp"
 #include "ndn-cxx/ims/in-memory-storage.hpp"
 #include "ndn-cxx/security/transform.hpp"
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validator.hpp"
 #include "ndn-cxx/util/config-file.hpp"
 
 #include "tests/identity-management-fixture.hpp"
diff --git a/tools/ndnsec/cert-gen.cpp b/tools/ndnsec/cert-gen.cpp
index c526654..9aef677 100644
--- a/tools/ndnsec/cert-gen.cpp
+++ b/tools/ndnsec/cert-gen.cpp
@@ -22,11 +22,11 @@
 #include "ndnsec.hpp"
 #include "util.hpp"
 
+#include "ndn-cxx/security/additional-description.hpp"
 #include "ndn-cxx/security/transform/base64-encode.hpp"
 #include "ndn-cxx/security/transform/buffer-source.hpp"
 #include "ndn-cxx/security/transform/public-key.hpp"
 #include "ndn-cxx/security/transform/stream-sink.hpp"
-#include "ndn-cxx/security/v2/additional-description.hpp"
 
 namespace ndn {
 namespace ndnsec {