docs: Update of tutorials and other minor fixes
Change-Id: I87d8679d38b3f17f8d4d8dbad3d5f01b3cc4ce7b
diff --git a/docs/tutorials/signed-interest.rst b/docs/tutorials/signed-interest.rst
new file mode 100644
index 0000000..093797a
--- /dev/null
+++ b/docs/tutorials/signed-interest.rst
@@ -0,0 +1,129 @@
+Signed Interest
+===============
+
+**Signed Interest** is a mechanism to issue an authenticated interest.
+
+The signature of a signed Interest packet is embedded into the last component of the Interest
+name. The signature covers a continuous block starting from the first name component TLV to the
+penultimate name component TLV:
+
+::
+
+ +-------------+----------+-----------------------------------------------------------------------------------+
+ | Interest | Interest | +------+--------+--------------------------------------------------+ +----------+ |
+ | Type (0x01) | length | | Name | Name | +---------+-- --+---------+---------+---------+| | Other | |
+ | | | | Type | Length | |Component| ... |Component|Component|Component|| | TLVs ... | |
+ | | | | | | | TLV 1 | | TLV n-2 | TLV n-1 | TLV n || | in | |
+ | | | | | | +---------+-- --+---------+---------+---------+| | Interest | |
+ | | | +------+--------+--------------------------------------------------+ +----------+ |
+ +-------------+----------+-----------------------------------------------------------------------------------+
+
+ \ /\ /
+ ---------------- ------------------ --- ---
+ \/ \/
+ Signed portion of Interest Signature
+
+More specifically, the SignedInterest is defined to have four additional components:
+
+- ``<timestamp>``
+- ``<nonce>``
+- ``<SignatureInfo>``
+- ``<SignatureValue>``
+
+For example, for ``/signed/interest/name`` name, CommandInterest will be defined as:
+
+::
+
+ /signed/interest/name/<timestamp>/<random-value>/<SignatureInfo>/<SignatureValue>
+
+ \ /
+ ----------------------------- --------------------------
+ \/
+ Additional components of Signed Interest
+
+Signed Interest specific Name components
+----------------------------------------
+
+Timestamp component (n-3 *th*)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The value of the n-3 *th* component is the interest's timestamp (in terms of millisecond offset
+from UTC 1970-01-01 00:00:00) encoded as
+`nonNegativeInteger <http://named-data.net/doc/ndn-tlv/tlv.html#non-negative-integer-encoding>`__.
+The timestamp may be used to protect against replay attack.
+
+Nonce component (n-2 *th*)
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The value of the n-2 *th* component is random value (encoded as
+`nonNegativeInteger <http://named-data.net/doc/ndn-tlv/tlv.html#non-negative-integer-encoding>`__)
+that adds additional assurances that the interest will be unique.
+
+SignatureInfo component (n-1 *th*)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The value of the n-1 *th* component is actually a
+`SignatureInfo <http://named-data.net/doc/ndn-tlv/signature.html>`__ TLV.
+
+::
+
+ +---------+---------+-------------------+
+ |Component|Component| +---------------+ |
+ | Type | Length | | SignatureInfo | |
+ | | | | TLV | |
+ | | | +---------------+ |
+ +---------+---------+-------------------+
+
+ | |
+ |<---------The n-1 th Component-------->|
+
+SignatureValue component (n *th*)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The value of the n *th* component is actually a
+`SignatureValue <http://named-data.net/doc/ndn-tlv/signature.html>`__ TLV.
+
+::
+
+ +---------+---------+--------------------+
+ |Component|Component| +----------------+ |
+ | Type | Length | | SignatureValue | |
+ | | | | TLV | |
+ | | | +----------------+ |
+ +---------+---------+--------------------+
+
+ | |
+ |<----------The n th Component---------->|
+
+Signed Interest processing
+--------------------------
+
+On receiving an Interest, the producer, according to the Interest name prefix, should be able
+to tell whether the Interest is required to be signed. If the received Interest is supposed to
+be signed, it will be treated as invalid in the following three cases:
+
+- one of the four components above (Timestamp, Nonce, SignatureValue, and SignatureInfo) is
+ missing or cannot be parsed correctly;
+- the key is not trusted for signing the Interest;
+- the signature cannot be verified with the public key pointed by the
+ `KeyLocator <http://named-data.net/doc/ndn-tlv/signature.html#keylocator>`__ in
+ SignatureInfo.
+
+Recipients of a signed interest may further check the timestamp and the uniqueness of the
+signed interest (e.g., when the signed interest carries a command). In this case, a signed
+interest may be treated as invalid if :
+
+- a valid signed Interest whose timestamp is **equal or later** than the timestamp of the
+ received one has been received before.
+
+Note that in order to detect this situation, the recipient needs to maintain a *latest
+timestamp* state for each trusted public key (**Since public key cryptography is used, sharing
+private keys is not recommended. If private key sharing is inevitable, it is the key owner's
+responsibility to keep clock synchronized**). For each trusted public key, the state is
+initialized as the timestamp of the first valid Interest signed by the key. Since then, the
+state will be updated every time when the recipient receives a valid signed Interest.
+
+Note that for the first Interest, the state is not available. To handle this special situation,
+the recipient should check the Interest's timestamp against a grace interval (e.g., 120
+seconds) [current\_timestamp - interval/2, current\_timestamp + interval/2]. The first interest
+is invalid if its timestamp is outside of the interval.