>Pekka Nikander wrote:
> Well, the original idea was to reserve a bit to indicate that the
> address is Cryptographically Generated Address (CGA), basically
> meaning that
>
>   if the bit is set, then
>     interface id = low64(hash(PK, stuff)) & mask
>
>   where
>     PK is a public key to be used as an identifier for the host
>     stuff contains other parameters (see the earlier messages)
>     hash is a cryptographic hash function, e.g. SHA1
>     low64 is a function that takes lowest 64 bits
>     mask indicates that we have to clear/set some bits of the iid
>
> In essence, that would allow anyone to determine if a given public
> key belongs to a host, just inspecting the public key, the address,
> and the "stuff" above. See e.g.

Does this prove that the public key belongs to the host? What if the
attacker just uses a different network prefix and the same interface id
as the original host? Am I missing something?

-Rami Lehtonen

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
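
Added illustration, not part of the original thread: a sketch of the check implied by the quoted formula, run for the case raised in the reply, once with the network prefix left out of the hashed parameters and once with it included. The mask bits, the layout of `stuff`, the key bytes and the `2001:db8::/32` documentation prefixes are assumptions constructed for the example.

```python
import hashlib
import ipaddress

LOW64 = (1 << 64) - 1
# Assumption: the mask clears the "u" and "g" bits of the interface id; the
# thread only says that some bits are cleared or set.
IID_MASK = 0xFCFFFFFFFFFFFFFF

def cga_iid(public_key: bytes, stuff: bytes) -> int:
    """interface id = low64(hash(PK, stuff)) & mask, with hash = SHA-1."""
    digest = hashlib.sha1(public_key + stuff).digest()
    low64 = int.from_bytes(digest[-8:], "big")  # assumption: low 64 bits = last 8 bytes
    return low64 & IID_MASK

def _stuff(prefix_bytes: bytes, extra: bytes, bind_prefix: bool) -> bytes:
    # Hypothetical layout of "stuff": optional 64-bit prefix, then other parameters.
    return (prefix_bytes if bind_prefix else b"") + extra

def make_address(prefix, public_key, extra, bind_prefix):
    base = ipaddress.IPv6Network(prefix).network_address
    iid = cga_iid(public_key, _stuff(base.packed[:8], extra, bind_prefix))
    return ipaddress.IPv6Address(int(base) | iid)

def verify(address, public_key, extra, bind_prefix) -> bool:
    """Recompute the interface id from (PK, stuff) and compare with the address."""
    addr = ipaddress.IPv6Address(address)
    expected = cga_iid(public_key, _stuff(addr.packed[:8], extra, bind_prefix))
    return (int(addr) & LOW64) == expected

def same_iid_other_prefix(address, other_prefix):
    """The case from the question: identical interface id under another prefix."""
    iid = int(ipaddress.IPv6Address(address)) & LOW64
    return ipaddress.IPv6Address(int(ipaddress.IPv6Network(other_prefix).network_address) | iid)

PK = b"constructed-public-key-bytes"   # constructed sample, not a real key
EXTRA = b"constructed-parameters"      # constructed sample

def demo():
    results = {}
    for bind_prefix in (False, True):
        home = make_address("2001:db8:1::/64", PK, EXTRA, bind_prefix)
        moved = same_iid_other_prefix(home, "2001:db8:2::/64")
        results[bind_prefix] = (verify(home, PK, EXTRA, bind_prefix),
                                verify(moved, PK, EXTRA, bind_prefix))
    return results

if __name__ == "__main__":
    print(demo())
```

A passing check only shows that the address is consistent with the key and parameters presented; the sketch does not model proof of possession of the corresponding private key.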
