Hop-by-Hop Authentication in Content-Centric Networking/Named Data Networking

Document Type Expired Internet-Draft (individual)
Authors Ruidong Li  , Hitoshi Asaeda 
Last updated 2020-09-06 (latest revision 2020-03-05)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The unpredictability of consumers, routers, copyholders, and publishers for the in-network data retrievals in Content-Centric Networking (CCN) / Named Data Networking (NDN) poses a challenge to design an authentication mechanism to inhibit the malicious consumers to flood data requests and prevent the fake data from being provided. Signature is adopted as the fundamental function in CCN / NDN, which however can only provide publisher authentication with additional certificate acquisition. This document describes the Hop-by-Hop Authentication mechanism (HopAuth) integrating certificate collection and packet forwarding potentially with the assistance from certificate authority to provide consumer authentication, copyholder authentication and path authentication to enable the in-network data retrieval to be trustworthy, besides the publisher authentication.


Ruidong Li (lrd@nict.go.jp)
Hitoshi Asaeda (asaeda@nict.go.jp)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)