On 25 nov 2007, at 22:51, Jari Arkko wrote:
Eric is right that HBA does not appear to buy much additional value
over
CGAs. On the other hand, HBAs are very easy to support if you already
support CGAs; and some people seem to think shared-key only crypto is
helpful. You might disagree with that assessment, but it was the WG's
decision. I do not personally feel a need to prevent them for
including
this support.
There are two differences:
- both generating and checking public key signatures is more expensive
than just hashes
- for CGA, a host needs to store a private key somehwere, with HBA
there are no secrets
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf