> > I have three concerns about this CGA/KBA idea: > - first this idea is about interface IDs, not addresses > (so for Mobile > IPv6 we need Return Routability too).
=> Yes you do, but you would be able to generate an SA. This is not the case with RR only. > - second the verification implies an expensive crypto operation > (typically a signature check) so the scheme is subject > to trival DoS > attack, especially if each packet has to be checked (so > or a session > key is negociated with an even more expensive and > complex protocol, => If you want strong authentication, what else can you do? Hesham -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
