[icnrg] Fwd: New Version Notification for draft-li-icnrg-hopauth-02.txt

Ruidong Li <lrd@nict.go.jp> Fri, 06 March 2020 07:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/icnrg/uqCTmyw66n-NCp6xmVa_iFesQFU>

Dear All,

We have updated and uploaded our HopAuth draft v02. This draft aims to provide copyholder authentication, data-retrieval path authentication and Interest authentication to mitigate data poisoning attacks and Interest flooding attacks, besides the publisher authentication. It is basically a certificate chain-based approach, which can be operated completely independently of centralized servers (e.g. a certificate authority (CA)).

In this new version, to make the problem clearer, we added one paragraph (the last paragraph on p. 3) to explain the differences from the existing KeyID mechanism built into the CCNx design.

Besides, we also address the anonymity question raised by Dirk in this new version. That is, the first-hop router to the consumer can remove the certificate from it to the consumer before forwarding the Interest, to preserve consumer anonymity.

Your feedback on this document is welcome.

Best Regards,

Ruidong Li,
Senior Researcher, Network System Research Institute,
National Institute of Information and Communications Technology (NICT), Japan
Email: lrd@nict.go.jp  liruidong@ieee.org

-------- Forwarded Message --------
Subject: 	New Version Notification for draft-li-icnrg-hopauth-02.txt
Date: 	Thu, 05 Mar 2020 22:43:12 -0800
From: 	internet-drafts@ietf.org
To: 	Hitoshi Asaeda <asaeda@nict.go.jp>, Ruidong Li <lrd@nict.go.jp>

A new version of I-D, draft-li-icnrg-hopauth-02.txt
has been successfully submitted by Ruidong Li and posted to the
IETF repository.

Name: draft-li-icnrg-hopauth
Revision: 02
Title: Hop-by-Hop Authentication in Content-Centric Networking/Named Data Networking
Document date: 2020-03-05
Group: Individual Submission
Pages: 16
URL: https://www.ietf.org/internet-drafts/draft-li-icnrg-hopauth-02.txt
Status: https://datatracker.ietf.org/doc/draft-li-icnrg-hopauth/
Htmlized: https://tools.ietf.org/html/draft-li-icnrg-hopauth-02
Htmlized: https://datatracker.ietf.org/doc/html/draft-li-icnrg-hopauth
Diff: https://www.ietf.org/rfcdiff?url2=draft-li-icnrg-hopauth-02

The unpredictability of consumers, routers, copyholders, and
publishers for the in-network data retrievals in Content-Centric
Networking (CCN) / Named Data Networking (NDN) poses a challenge to
design an authentication mechanism to inhibit the malicious consumers
to flood data requests and prevent the fake data from being provided.
Signature is adopted as the fundamental function in CCN / NDN, which
however can only provide publisher authentication with additional
certificate acquisition. This document describes the Hop-by-Hop
Authentication mechanism (HopAuth) integrating certificate collection
and packet forwarding potentially with the assistance from
certificate authority to provide consumer authentication, copyholder
authentication and path authentication to enable the in-network data
retrieval to be trustworthy, besides the publisher authentication.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat