Conversation
Why? |
We don't want to have a separate namespace from DNS, so this is a step in that direction. We also have code for ndncert (which we'll merge once it's finished) that can use x509 certs as proof of name possession (DNS names in this case). |
|
Understood. Yeah, we've been talking about that (not having a separate namespace) for quite some time. Still, I don't see how (to make an example) |
|
It's a bit confusing what's the right thing to do here is. The name hierarchy should reflect some administrative / ownership hierarchy. DNS covers some aspects of this but not necessarily. For example, IMO a better naming scheme might be something like There are some engineering decisions to make here. But I feel like flattening name of a site down to a single machine is not the right thing to do. Perhaps we need to more clearly define what a "site" on the testbed is. |
There definitely is a hierarchy. In your example, Educause manages the
What do you mean by "control"? We're talking about names here, so that's the extent of "control" that is relevant to this discussion IMHO. I'm guessing you're talking about more than that? |
Yes, that's why
If the name has a structure, the structure needs to be meaningful, i.e. reflect some real-world semantics. Translating |
- nlsr.Dockerfile: builds patched NLSR from Gerrit change 7818 - docker-compose.override.yml: uses ghcr.io/a-thieme/nlsr:patch-7818 image Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Use ndn-cxx-build and ndn-cxx-runtime base images instead of Ubuntu - Build psync from source with --prefix=/usr --libdir=/usr/lib - Build NLSR with --prefix=/usr --libdir=/usr/lib --with-psync - Use patch revision 6 (latest) instead of revision 1 - Add libboost-iostreams to runtime dependencies - Copy psync library to runtime image Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Patch 7818 requires advertising section format to be "prefix cost" instead of just "prefix". Update template to generate correct format. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The ndn-cxx library looks for the PIB (identity database) at $HOME/.ndn/. Without HOME set correctly, NLSR could not find the router identity and was running without security. Also bumps image version to v3. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Document all changes required to integrate patch 7818: - nlsr.Dockerfile using Named Data base images with HOME=/config - docker-compose.override.yml pointing to patched image - templates/nlsr/nlsr.conf.j2 fixed advertising format Includes build instructions, deployment steps, verification procedures, and troubleshooting guide. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Explain what changes are needed in named-data/testbed and NLSR gerrit patch 7818 for "just works" deployment after merge. Option B: No backward compatibility - single template change required. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The testbed uses Docker Compose directly, not Ansible. Master container auto-pollutes git and regenerates configs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
I don't see how the latest commits are related to this PR. @a-thieme, I assume you pushed to the wrong branch? |
yeah I forgot this branch was connected to a PR. once we have the new NLSR patch merged, I'll clean this up |
|
i'll mark it as closed for now, since it doesn't seem like we have progress on it. If a need comes up, we can reopen later. |
3 participants
On emails, the CAs will give an option for the
/<ca-prefix>/<raw email>name. For example, the emailuser@sub.domain.tldfor a CA with prefix/ndn/ca-prefixwill be given the option to request the name/ndn/ca-prefix/user@sub.domain.tld.As a side note, the
@will convert into%40in the encoding, so it's a bit less human readable/typable.Sites now have the name
/ndn/<DNS name>