Re: Last Call Comments on draft-ietf-shim6-hba-04


On 2007-11-26 10:41, Eric Rescorla wrote:
> At Mon, 26 Nov 2007 10:33:17 +1300,
> Brian E Carpenter wrote:
>> On 2007-11-26 10:11, Eric Rescorla wrote:
>>> At Mon, 26 Nov 2007 09:48:39 +1300,
>>> Brian E Carpenter wrote:
>>>> On 2007-11-26 04:38, Eric Rescorla wrote:
>>>>> ...
>>>>> Yes, I understand that, but again, your argument proceeds from the
>>>>> premise that people won't want to deploy CGA. Given that substantial
>>>>> effort was invested in that, I think it's reasonable to take
>>>>> a step back and ask why some new approach will be more attractive,
>>>>> not just assume that it will be because it points in some different
>>>>> direction.
>>>> I think the scenarios are very different. To pay the costs of deploying
>>>> CGAs, you have to be worried about threats from interlopers on your
>>>> own infrastructure, as I understand things. HBAs deal with threats from
>>>> interlopers anywhere between the two ends of the shim6 session.
>>>> They're much easier to deploy since they use a nonce instead of
>>>> a key pair.
>>> Hmm... I'm fairly familiar with crypto protocols and I don't see why
>>> this makes them any easier to deploy. Can you please explain?
>> Well, if I understand HBA correctly, the nonce is automatically
>> generated. I must confess I haven't studied CGA closely, but I
>> presume that some affirmative action is needed to generate the keys.
>
> Why?
>
> I don't see why that would be any more the case with CGA than
> with HBA.

The nonce generation in HBA will just happen when it's needed.
It isn't obvious to me from looking over the SeND and CGA documents
when the key pair for CGA is created, but it certainly doesn't
fit in naturally like the HBA nonce. CGA is complicated by comparison.

I guess I see the HBA-only mode as being much more important in
practice than CGA/HBA.

    Brian
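The point argued above, that HBA binds a set of prefixes with only a random modifier (the "nonce") and no key pair, can be made concrete with a small sketch. This is an added illustration, not code from the thread or from any shim6 implementation, and it is deliberately simplified: the hash layout below is an assumption for teaching purposes, not the RFC 5535 CGA Parameter Data Structure or Multi-Prefix Extension encoding, and the `hba_generate` / `hba_verify` names are invented here. What it does show is the mechanism itself: every address in the set carries an interface identifier derived from one hash over the modifier and the whole prefix set, so a peer that has learned the modifier and the set can check that a newly announced locator really belongs to it, and the modifier is created on the spot when the set is first generated.

```python
import hashlib
import ipaddress
import secrets

# Simplified HBA-style binding (assumption: illustration only, NOT the exact
# RFC 5535 encoding). One random modifier plus the canonical prefix set are
# hashed together; each address's 64-bit interface identifier (IID) comes from
# that hash, so membership in the set is checkable without any public key.

def _canonical(prefixes):
    """Sort the prefix set so generator and verifier hash it identically."""
    nets = sorted(ipaddress.IPv6Network(p) for p in prefixes)
    if any(n.prefixlen != 64 for n in nets):
        raise ValueError("HBA binds /64 prefixes")
    return nets

def _iid(modifier, prefix_set, prefix):
    """Derive the interface identifier for one prefix of the set."""
    h = hashlib.sha256()
    h.update(modifier)                              # the nonce
    for q in prefix_set:                            # bind the entire set
        h.update(q.network_address.packed[:8])
    h.update(prefix.network_address.packed[:8])     # and this address's own prefix
    iid = int.from_bytes(h.digest()[:8], "big")
    return iid & ~(0x3 << 56)                       # clear the u/g bits, as CGA-derived IIDs do

def hba_generate(prefixes, modifier=None):
    """Generate one HBA-bound address per prefix.

    The modifier is generated on demand if none is supplied; this is the
    'nonce generation just happens when needed' step, with no key pair.
    Returns (modifier, canonical prefix set, list of IPv6Address)."""
    if modifier is None:
        modifier = secrets.token_bytes(16)
    prefix_set = _canonical(prefixes)
    addrs = [
        ipaddress.IPv6Address(int(p.network_address) | _iid(modifier, prefix_set, p))
        for p in prefix_set
    ]
    return modifier, prefix_set, addrs

def hba_verify(addr, modifier, prefixes):
    """Check that addr is the HBA address for its /64 within the given set.

    A locator from a prefix outside the set, a different set, or a different
    modifier fails, which is what lets a shim6 peer reject injected locators."""
    prefix_set = _canonical(prefixes)
    a = int(ipaddress.IPv6Address(addr))
    prefix = ipaddress.IPv6Network(((a >> 64) << 64, 64))
    if prefix not in prefix_set:
        return False
    return (a & ((1 << 64) - 1)) == _iid(modifier, prefix_set, prefix)

if __name__ == "__main__":
    # Constructed sample: two documentation prefixes for one multihomed host.
    mod, pset, addrs = hba_generate(["2001:db8:1::/64", "2001:db8:2::/64"])
    for a in addrs:
        print(a, hba_verify(a, mod, pset))
```

The verifier recomputes the same hash from the modifier and the prefix set it was told about, so changing any member of the set, or the modifier, changes every interface identifier at once; that is the property the thread relies on when it says HBA addresses the interloper between the two shim6 ends.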

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
