At Mon, 26 Nov 2007 11:18:42 +0100,
Iljitsch van Beijnum wrote:
On 25 nov 2007, at 22:51, Jari Arkko wrote:
Eric is right that HBA does not appear to buy much additional value
over
CGAs. On the other hand, HBAs are very easy to support if you already
support CGAs; and some people seem to think shared-key only crypto is
helpful. You might disagree with that assessment, but it was the WG's
decision. I do not personally feel a need to prevent them for
including
this support.
There are two differences:
- both generating and checking public key signatures is more expensive
than just hashes
Yes, it is, but as I said in my initial review, I don't see any
real evidence that these are limiting factors in any practical
setting. Premature optimization is one of the most common tropes
in cryptographic protocol engineering.
- for CGA, a host needs to store a private key somehwere, with HBA
there are no secrets
I don't really see the relevance of this.
-Ekr
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf