ietf
[Top] [All Lists]

Re: Last Call Comments on draft-ietf-shim6-hba-04

2007-11-25 13:49:52
On 2007-11-26 04:38, Eric Rescorla wrote:
...
Yes, I understand that, but again, your argument precedes from the
premise that people won't want to deploy CGA. Given that substantial
effort was invested in that, I think it's reasonable to take
a step back and ask why some new approach will be more attractive,
not just assume that it will be because it points in some different
direction.

I think the scenarios are very different. To pay the costs of deploying
CGAs, you have to be worried about threats from interlopers on your
own infrastructure, as I understand things. HBAs deal with threats from
interlopers anywhere between the two ends of the shim6 session.
They're much easier to deploy since they use a nonce instead of
a key pair.

I don't think this is really a case of solving the same problem twice.

   Brian

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf