Presented at NDN Community Meeting 2026.
Ownly is a decentralized web application built on named, secured data, peer-to-peer synchronization, and in-network storage. However, when an Ownly user connects to the ndn6 network, an independently operated NDN network enforcing zero-trust policies, the application fails with a prefix registration error. This presentation analyzes the root cause of this failure, highlighting critical operational gaps that prevent NDN from transitioning from an academic experiment to a global Internet.
First, a security model conflict exists between Ownly's "skeleton key" approach and ndn6's zero-trust prefix registration policy. While Ownly relies on a long-standing NFD vulnerability (#2856) that allows any valid key to register arbitrary prefixes on the global NDN testbed, ndn6 utilizes has custom enforcement mechanisms to reject prefix announcements outside a key's identity namespace. I then propose a trust-schema-based solution that safely accommodates application namespace designs without compromising network-level zero-trust policies. See: A Decade of #2856.
Second, current NDN routing protocol (NLSR and ndn-dv) lacks policy enforcement mechanisms. Inter-domain peering between the testbed and ndn6 currently relies on a fragile, unidirectional prefix export pipeline. I demonstrate how this asymmetric routing environment causes a split-brain state that breaks State Vector Sync protocol. As an intermediate step before a full inter-domain routing protocol development, I advocate for introducing policy tagging into existing intra-domain routing protocols. This allows independent operators to safely peer with bidirectional prefix import+export, while maintaining the Valley-Free policy. See: A Decade of Policy-Blind Routing.
Download slides: Why Ownly does not Work on the ndn6 Network? A Decade of Operational Gaps in Trust and Routing