Encrypted Sessions In CCNx (ESIC)

Document Type Expired Internet-Draft (individual)
Authors Marc Mosko, Christopher Wood
Last updated 2018-04-19 (latest revision 2017-09-12)
Stream (None)
Intended RFC status (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes how to transport CCNx packets inside an encrypted session between peers that share a traffic secret, such as one derived from [CCNxKE]. The peers create an outer naming context to identify the encryption session in one direction between the consumer and the producer. The consumer sends encrypted Interest messages to the producer, who responds with encrypted Content Objects. Inside the outer context, the consumer sends Interests with different names, which the producer may respond to or may send InterestReturns for. There does not need to be a naming relationship between the outer names and the inner names. The inner content is still protected by normal CCNx authentication mechanisms and possibly encrypted under other schemes.


Marc Mosko (marc.mosko@parc.com)
Christopher Wood (woodc1@uci.edu)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)