On 2007-11-26 04:38, Eric Rescorla wrote: ...
Yes, I understand that, but again, your argument proceeds from the premise that people won't want to deploy CGA. Given that substantial effort was invested in that, I think it's reasonable to take a step back and ask why some new approach will be more attractive, not just assume that it will be because it points in some different direction.
I think the scenarios are very different. To pay the costs of deploying CGAs, you have to be worried about threats from interlopers on your own infrastructure, as I understand things. HBAs deal with threats from interlopers anywhere between the two ends of the shim6 session. They're much easier to deploy since they use a nonce instead of a key pair. I don't think this is really a case of solving the same problem twice.

Brian