I have a basic concern with the use of CGA in the IETF, which is that the CGA design is not currently crypto-agile.
Before we start "extending" CGA usage, shouldn't we have a firm foundation for it first? I have read the rationale for why a single algorithm was selected, but frankly I don't find it convincing. In almost every instance where a fixed algorithm has been "baked" into a protocol, at some point this turned out to be a mistake. As it stands, were we to require an alternative to RSA (ECC, for example?) or an alternative hash (do we really think that SHA-1 is likely to remain viable forever?), CGAs as currently defined will fold like a house of cards, and the "extensions" with them.

_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
