At Mon, 26 Nov 2007 10:33:17 +1300, Brian E Carpenter wrote:
>
> On 2007-11-26 10:11, Eric Rescorla wrote:
> > At Mon, 26 Nov 2007 09:48:39 +1300,
> > Brian E Carpenter wrote:
> >> On 2007-11-26 04:38, Eric Rescorla wrote:
> >> ...
> >>> Yes, I understand that, but again, your argument proceeds from the
> >>> premise that people won't want to deploy CGA. Given that substantial
> >>> effort was invested in that, I think it's reasonable to take
> >>> a step back and ask why some new approach will be more attractive,
> >>> not just assume that it will be because it points in some different
> >>> direction.
> >> I think the scenarios are very different. To pay the costs of deploying
> >> CGAs, you have to be worried about threats from interlopers on your
> >> own infrastructure, as I understand things. HBAs deal with threats from
> >> interlopers anywhere between the two ends of the shim6 session.
> >> They're much easier to deploy since they use a nonce instead of
> >> a key pair.
> >
> > Hmm... I'm fairly familiar with crypto protocols and I don't see why
> > this makes them any easier to deploy. Can you please explain?
>
> Well, if I understand HBA correctly, the nonce is automatically
> generated. I must confess I haven't studied CGA closely, but I
> presume that some affirmative action is needed to generate the keys.

Why? I don't see why that would be any more the case with CGA than
with HBA.

-Ekr

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
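The exchange above turns on what each scheme needs at generation time: a CGA binds the interface identifier to a public key, while an HBA binds it to a set of prefixes plus a random value in the same parameter structure. The following is an added, simplified illustration written for this page, not code from the thread or from any shim6 implementation. It follows the RFC 3972 layout for the parameter block and interface identifier (Sec = 0 only, so no Hash2 step) and stands in for the RFC 5535 Multi-Prefix Extension with a plain concatenation of the prefix set; the placeholder public key and the 48-byte random filler in the key slot are constructed sample values, and the function names are this example's own.

```python
"""Simplified CGA (RFC 3972) vs. HBA (RFC 5535) interface-identifier derivation.

Constructed example for illustration: Sec = 0 only, and the multi-prefix
extension is a bare concatenation rather than the RFC's typed extension.
"""
import hashlib
import secrets
from typing import Dict, Iterable, Optional, Tuple


def interface_id(params: bytes, sec: int = 0) -> bytes:
    """Leftmost 64 bits of SHA-1 over the parameter block. The three leftmost
    bits carry Sec and bits 6 and 7 (the u and g bits) are cleared, as in the
    RFC 3972 interface-identifier layout."""
    h = bytearray(hashlib.sha1(params).digest()[:8])
    h[0] = (h[0] & 0x1F) | ((sec & 0x7) << 5)  # Sec into bits 0-2
    h[0] &= 0xFC                                # clear u and g bits
    return bytes(h)


def cga_params(modifier: bytes, prefix: bytes, collision: int,
               public_key: bytes, extensions: bytes = b"") -> bytes:
    """CGA Parameters: modifier(16) | subnet prefix(8) | collision count(1)
    | public key | extension fields."""
    if len(modifier) != 16 or len(prefix) != 8 or not 0 <= collision <= 2:
        raise ValueError("bad CGA parameter field length or collision count")
    return modifier + prefix + bytes([collision]) + public_key + extensions


def multiprefix_extension(prefix_set: Iterable[bytes]) -> bytes:
    """Simplified stand-in for the RFC 5535 Multi-Prefix Extension: the
    sorted prefixes concatenated (the real extension carries a header)."""
    return b"".join(sorted(prefix_set))


def generate_cga(public_key: bytes, prefix: bytes,
                 modifier: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """CGA generation needs a public key (hence a key pair) as input."""
    modifier = modifier or secrets.token_bytes(16)
    params = cga_params(modifier, prefix, 0, public_key)
    return prefix + interface_id(params), params


def verify_cga(address: bytes, params: bytes) -> bool:
    """Verifier recomputes the hash over the block that embeds the key."""
    prefix = params[16:24]
    return address[:8] == prefix and address[8:] == interface_id(params)


HbaParams = Tuple[bytes, bytes, Tuple[bytes, ...]]


def generate_hba_set(prefix_set: Iterable[bytes], nonce: Optional[bytes] = None,
                     filler: Optional[bytes] = None) -> Tuple[Dict[bytes, bytes], HbaParams]:
    """HBA generation needs only the prefix set and random material: the
    16-byte modifier acts as the nonce, and the key slot holds 48 random bytes
    (constructed filler; RFC 5535 uses a random value here in HBA-only mode)."""
    prefixes = tuple(sorted(prefix_set))
    nonce = nonce or secrets.token_bytes(16)
    filler = filler or secrets.token_bytes(48)
    ext = multiprefix_extension(prefixes)
    addrs = {}
    for p in prefixes:
        # Same parameter block for every address; only the prefix field changes.
        addrs[p] = p + interface_id(cga_params(nonce, p, 0, filler, ext))
    return addrs, (nonce, filler, prefixes)


def verify_hba(address: bytes, hba: HbaParams) -> bool:
    """A peer checks that the prefix is in the advertised set and that the
    identifier matches; no key is involved in the check."""
    nonce, filler, prefixes = hba
    prefix, iid = address[:8], address[8:]
    if prefix not in prefixes:
        return False
    params = cga_params(nonce, prefix, 0, filler, multiprefix_extension(prefixes))
    return interface_id(params) == iid


if __name__ == "__main__":
    # Constructed sample prefixes from the documentation range 2001:db8::/32.
    prefixes = [bytes.fromhex("20010db800010000"), bytes.fromhex("20010db800020000")]
    hba_addrs, hba_params = generate_hba_set(prefixes)
    print({p.hex(): a.hex() for p, a in hba_addrs.items()})
    print("HBA set verifies:", all(verify_hba(a, hba_params) for a in hba_addrs.values()))
    cga_addr, cga_p = generate_cga(b"constructed-placeholder-for-DER-public-key", prefixes[0])
    print("CGA verifies:", verify_cga(cga_addr, cga_p))
```

The point the example makes concrete is the input to each generator: `generate_hba_set` is fully automatic given the prefix set (the nonce is drawn on the spot), whereas `generate_cga` cannot run until a public key exists, which is where the "affirmative action" in the thread comes from.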