At Mon, 26 Nov 2007 11:18:42 +0100,
Iljitsch van Beijnum wrote:
>
> On 25 nov 2007, at 22:51, Jari Arkko wrote:
>
> > Eric is right that HBA does not appear to buy much additional value over
> > CGAs. On the other hand, HBAs are very easy to support if you already
> > support CGAs; and some people seem to think shared-key only crypto is
> > helpful. You might disagree with that assessment, but it was the WG's
> > decision. I do not personally feel a need to prevent them from including
> > this support.
>
> There are two differences:
>
> - both generating and checking public key signatures is more expensive
>   than just hashes

Yes, it is, but as I said in my initial review, I don't see any
real evidence that these are limiting factors in any practical
setting. Premature optimization is one of the most common
tropes in cryptographic protocol engineering.

> - for CGA, a host needs to store a private key somewhere, with HBA
>   there are no secrets

I don't really see the relevance of this.

-Ekr