At Mon, 26 Nov 2007 13:27:24 +1300, Brian E Carpenter wrote:
>
> On 2007-11-26 10:41, Eric Rescorla wrote:
> > At Mon, 26 Nov 2007 10:33:17 +1300,
> > Brian E Carpenter wrote:
> >> On 2007-11-26 10:11, Eric Rescorla wrote:
> >>> At Mon, 26 Nov 2007 09:48:39 +1300,
> >>> Brian E Carpenter wrote:
> >>>> On 2007-11-26 04:38, Eric Rescorla wrote:
> >>>> ...
> >>>>> Yes, I understand that, but again, your argument precedes from the
> >>>>> premise that people won't want to deploy CGA. Given that substantial
> >>>>> effort was invested in that, I think it's reasonable to take
> >>>>> a step back and ask why some new approach will be more attractive,
> >>>>> not just assume that it will be because it points in some different
> >>>>> direction.
> >>>> I think the scenarios are very different. To pay the costs of deploying
> >>>> CGAs, you have to be worried about threats from interlopers on your
> >>>> own infrastructure, as I understand things. HBAs deal with threats from
> >>>> interlopers anywhere between the two ends of the shim6 session.
> >>>> They're much easier to deploy since they use a nonce instead of
> >>>> a key pair.
> >>> Hmm... I'm fairly familiar with crypto protocols and I don't see why
> >>> this makes them any easier to deploy. Can you please explain?
> >> Well, if I understand HBA correctly, the nonce is automatically
> >> generated. I must confess I haven't studied CGA closely, but I
> >> presume that some affirmative action is needed to generate the keys.
> >
> > Why?
> >
> > I don't see why that would be any more the case with CGA than
> > with HBA.
>
> The nonce generation in HBA will just happen when it's needed.

As will the CGA key generation.

> It isn't obvious to me from looking over the SeND and CGA documents
> when the key pair for CGA is created, but it certainly doesn't
> fit in naturally like the HBA nonce. CGA is complicated by comparison.

I don't see where you're getting this from.

At the time when you need to create a new address, you simply create
a new asymmetric key pair and build the CGA. This fits in perfectly
naturally. Yes, if you're using a very high security parameter this
may take a few seconds, but the situation with HBA is exactly the same
in that regard.

Actually, it's the HBA interface that's complicated, because you need
to create all your addresses at once and whenever you get a new prefix
you need to generate all new addresses. CGA doesn't have this problem.

-Ekr

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
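Added example, not part of the thread or of any IETF implementation: a Python rendering of the RFC 3972 CGA generation and verification steps that Ekr is describing. It makes the two costs he mentions visible: the security parameter Sec drives a modifier search whose expected cost is about 2**(16*Sec) SHA-1 hashes, while the subnet prefix only enters the cheap Hash1 step, so a new prefix does not require redoing the expensive part. The prefix and "public key" bytes are constructed placeholders, not real key material.

```python
import hashlib
import secrets

# Constructed sample inputs, not real key material: RFC 3972 hashes the
# DER-encoded SubjectPublicKeyInfo, but any byte string exercises the algorithm.
SAMPLE_PREFIX = bytes.fromhex("20010db800000000")   # 2001:db8::/64
SAMPLE_PUBLIC_KEY = b"constructed stand-in for a DER-encoded public key"

def _hash2_ok(modifier: bytes, public_key: bytes, sec: int) -> bool:
    # Hash2 = leftmost 112 bits of SHA-1(modifier | 9 zero octets | public key);
    # its 16*Sec leftmost bits must be zero. Sec=0 skips the check entirely.
    digest = hashlib.sha1(modifier + bytes(9) + public_key).digest()[:14]
    return sec == 0 or int.from_bytes(digest, "big") >> (112 - 16 * sec) == 0

def generate_cga(prefix: bytes, public_key: bytes, sec: int,
                 collision_count: int = 0, modifier=None):
    """Return (address, modifier, trials); the modifier search costs ~2**(16*Sec) hashes."""
    assert len(prefix) == 8 and 0 <= sec <= 7 and 0 <= collision_count <= 2
    mod = secrets.randbits(128) if modifier is None else modifier
    trials = 0
    while True:
        trials += 1
        mod_bytes = mod.to_bytes(16, "big")
        if _hash2_ok(mod_bytes, public_key, sec):
            break
        mod = (mod + 1) % (1 << 128)                 # try the next modifier value
    # Hash1 = leftmost 64 bits of SHA-1(modifier | prefix | collision count | key)
    iid = bytearray(hashlib.sha1(mod_bytes + prefix + bytes([collision_count])
                                 + public_key).digest()[:8])
    iid[0] = (iid[0] & 0x1C) | (sec << 5)            # Sec in bits 0-2; u and g bits cleared
    return prefix + bytes(iid), mod_bytes, trials

def verify_cga(address: bytes, public_key: bytes, modifier: bytes,
               collision_count: int) -> bool:
    """Recompute Hash1 and Hash2 from the CGA parameters, as a peer verifying a claim would."""
    if len(address) != 16 or len(modifier) != 16 or not 0 <= collision_count <= 2:
        return False
    prefix, iid = address[:8], address[8:]
    sec = iid[0] >> 5                                # Sec is carried in the address itself
    hash1 = bytearray(hashlib.sha1(modifier + prefix + bytes([collision_count])
                                   + public_key).digest()[:8])
    hash1[0] = (hash1[0] & 0x1C) | (sec << 5)
    return bytes(hash1) == iid and _hash2_ok(modifier, public_key, sec)

if __name__ == "__main__":
    for sec in (0, 1):                               # Sec=2 would already need ~2**32 hashes
        addr, mod, n = generate_cga(SAMPLE_PREFIX, SAMPLE_PUBLIC_KEY, sec)
        print(f"Sec={sec}: {addr.hex()} after {n} modifier trials, "
              f"verifies={verify_cga(addr, SAMPLE_PUBLIC_KEY, mod, 0)}")
```

Because the prefix is absent from Hash2, renumbering under a new prefix reuses the same modifier and key pair and only recomputes Hash1, which is the property behind "CGA doesn't have this problem".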