NDNCERT — NDN Certificate Management Protocol.
This crate implements the NDNCERT protocol for automated NDN certificate
issuance. It is transport-agnostic: protocol types are serialized to/from
JSON bytes that are carried in NDN ApplicationParameters and Content fields.
The network wiring (Producer/Consumer) lives in the ndn-identity crate.
Phase 1C will replace the JSON wire format with full NDN TLV encoding
(NDNCERT 0.3 type assignments defined in protocol), enabling interop
with the reference C++ implementation (ndncert-ca-server/ndncert-client).
Protocol overview

```text
 Client                                         CA
   |                                            |
   |-- Interest: /<ca>/CA/INFO ---------------> |
   |<- Data: CaProfile ------------------------ |
   |                                            |
   |-- Interest: /<ca>/CA/PROBE --------------> |  (optional: check namespace before enrolling)
   |<- Data: ProbeResponse -------------------- |
   |                                            |
   |-- Interest: /<ca>/CA/NEW ----------------> |  (ApplicationParameters: CertRequest)
   |<- Data: NewResponse ---------------------- |  (request_id + available challenges)
   |                                            |
   |-- Interest: /<ca>/CA/CHALLENGE/<req-id> -> |  (ApplicationParameters: ChallengeRequest)
   |<- Data: ChallengeResponse ---------------- |  (Approved: cert | Processing: more rounds | Denied: error)
   |                                            |
   |-- Interest: /<ca>/CA/REVOKE -------------> |  (optional: revoke an existing cert)
   |<- Data: RevokeResponse ------------------- |
```

Re-exports
pub use ca::CaConfig;
pub use ca::CaState;
pub use challenge::email::EmailChallenge;
pub use challenge::email::EmailSender;
pub use challenge::pin::PinChallenge;
pub use challenge::possession::PossessionChallenge;
pub use challenge::token::TokenChallenge;
pub use challenge::token::TokenStore;
pub use challenge::yubikey::YubikeyHotpChallenge;
pub use challenge::ChallengeHandler;
pub use challenge::ChallengeOutcome;
pub use challenge::ChallengeState;
pub use client::EnrollmentSession;
pub use ecdh::EcdhKeypair;
pub use ecdh::SessionKey;
pub use error::CertError;
pub use policy::DelegationPolicy;
pub use policy::HierarchicalPolicy;
pub use policy::NamespacePolicy;
pub use policy::PolicyDecision;
pub use protocol::CaProfile;
pub use protocol::CertRequest;
pub use protocol::ChallengeRequest;
pub use protocol::ChallengeResponse;
pub use protocol::ChallengeStatus;
pub use protocol::ErrorCode;
pub use protocol::NewResponse;
pub use protocol::ProbeResponse;
pub use protocol::RevokeRequest;
pub use protocol::RevokeResponse;
pub use protocol::RevokeStatus;
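The INFO, PROBE, NEW and CHALLENGE steps drawn in the protocol overview above, as an added illustrative model that is not the crate's own code: a mock CA that hands out one request id per enrollment, runs a PIN challenge for a bounded number of rounds, and compares the PIN in constant time. Every type and function name here (`MockCa`, `Pending`, `Outcome`, `run_enrollment`) is hypothetical and does not correspond to the crate's `CaState`, `CertRequest` or `ChallengeResponse`; the JSON/TLV wire format is omitted entirely, the PIN values are constructed, and the issued certificate name is a placeholder.

```rust
// Added illustrative model of the NDNCERT exchange. All names are hypothetical
// (not the crate's API); the wire encoding and the real challenge types are omitted.
use std::collections::HashMap;

/// Outcome carried in a challenge response: the three cases named in the diagram.
#[derive(Debug, Clone, PartialEq)]
pub enum Outcome {
    Processing { remaining_tries: u32 },
    Approved { cert_name: String },
    Denied { reason: String },
}

/// CA-side state for one in-flight request (hypothetical shape).
struct Pending {
    subject_name: String,
    expected_pin: String,
    remaining_tries: u32,
}

/// In-memory CA answering INFO, PROBE, NEW and CHALLENGE for one namespace prefix.
pub struct MockCa {
    prefix: String,
    next_id: u64,
    pending: HashMap<String, Pending>,
}

impl MockCa {
    pub fn new(prefix: &str) -> Self {
        MockCa { prefix: prefix.to_string(), next_id: 0, pending: HashMap::new() }
    }

    /// INFO: the CA prefix and the challenge types it offers (constructed values).
    pub fn info(&self) -> (String, Vec<&'static str>) {
        (self.prefix.clone(), vec!["pin"])
    }

    /// PROBE: would this CA issue a certificate for `name` at all?
    pub fn probe(&self, name: &str) -> bool {
        name.starts_with(&self.prefix)
    }

    /// NEW: allocate a request id and record the PIN the CA will expect.
    /// The PIN reaches the requester out of band, never inside the NEW response.
    pub fn new_request(&mut self, subject_name: &str, pin: &str) -> Result<(String, Vec<&'static str>), String> {
        if !self.probe(subject_name) {
            return Err(format!("{} is outside {}", subject_name, self.prefix));
        }
        self.next_id += 1;
        let request_id = format!("req-{}", self.next_id);
        self.pending.insert(request_id.clone(), Pending {
            subject_name: subject_name.to_string(),
            expected_pin: pin.to_string(),
            remaining_tries: 3,
        });
        Ok((request_id, vec!["pin"]))
    }

    /// CHALLENGE/<req-id>: one round. A wrong PIN yields Processing until the tries
    /// run out; a right PIN yields Approved. Either terminal outcome discards the id.
    pub fn challenge(&mut self, request_id: &str, submitted_pin: &str) -> Outcome {
        let req = match self.pending.get_mut(request_id) {
            Some(req) => req,
            None => return Outcome::Denied { reason: "unknown or finished request id".into() },
        };
        if constant_time_eq(req.expected_pin.as_bytes(), submitted_pin.as_bytes()) {
            // Placeholder name; real NDN certificate naming is out of scope here.
            let cert_name = format!("{}/KEY/placeholder", req.subject_name);
            self.pending.remove(request_id);
            return Outcome::Approved { cert_name };
        }
        req.remaining_tries -= 1;
        let remaining = req.remaining_tries;
        if remaining == 0 {
            self.pending.remove(request_id);
            Outcome::Denied { reason: "too many wrong PINs".into() }
        } else {
            Outcome::Processing { remaining_tries: remaining }
        }
    }
}

/// Compare secrets without stopping at the first differing byte, so response
/// time does not reveal how much of the PIN was right.
fn constant_time_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Client side of the diagram, run end to end against the mock CA.
pub fn run_enrollment() -> Vec<Outcome> {
    let mut ca = MockCa::new("/example-ca");
    let (_prefix, challenges) = ca.info();
    assert!(challenges.contains(&"pin") && ca.probe("/example-ca/alice"));
    let (request_id, _) = ca.new_request("/example-ca/alice", "123456").unwrap();
    vec![
        ca.challenge(&request_id, "000000"), // wrong PIN: Processing, 2 tries left
        ca.challenge(&request_id, "123456"), // right PIN: Approved
        ca.challenge(&request_id, "123456"), // replay after approval: Denied
    ]
}

fn main() {
    for step in run_enrollment() {
        println!("{:?}", step);
    }
}
```

Two points the diagram only implies are made explicit here: a failed round answers Processing on the same request id rather than forcing a new NEW, and once a request reaches Approved or Denied its id is gone, so a replayed ChallengeRequest is refused instead of re-issuing a certificate.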
Modules

- ca: CA-side stateless logic for NDNCERT.
- challenge: Pluggable challenge framework for NDNCERT.
- client: Client-side enrollment session for NDNCERT.
- ecdh: ECDH key agreement + HKDF-SHA256 + AES-GCM-128 for NDNCERT 0.3.
- error
- policy: Namespace policies, which define what certificate names a CA may issue.
- protocol: NDNCERT wire protocol types.
- tlv: NDNCERT 0.3 TLV wire format.