Tony Hain wrote:
> The bit method is not only a gross hack, it is entirely unnecessary. All > it provides is an optimization for the receiver to decide if a CGA check > is worth the effort, and for nodes that are aware enough to look for the > bit they could just as easily check every IID. In fact if they really > care, they have to check every IID just to make sure there was no > tampering. If they do check there is no opportunity to bid down since > the source is in control of deciding to generate a CGA to begin with, > and the receiver is in control of deciding if a CGA was received. Unfortunately, it is not possible to verify the CGA property just by looking at an address -- you also need to have the input parameters for the check IID == hash(pk) to be possible. That is, the public key must be communicated from the mn to the cn. If you know you use CGA this is easy and requires no security for the transfer. However, if it is optional to use CGA, then an attacker could simply claim to the CN that no public key was used. CN simply doesn't know if this is true or not; the address itself can't be verified without a parameter. Jari -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
