Jari Arkko wrote:
> Unfortunately, it is not possible to verify the CGA property just by
> looking at an address -- you also need to have the input parameters
> for the check IID == hash(pk) to be possible. That is, the public key
> must be communicated from the mn to the cn. If you know you use CGA this
> is easy and requires no security for the transfer. However, if it is
> optional to use CGA, then an attacker could simply claim to the CN
> that no public key was used. CN simply doesn't know if this is true
> or not; the address itself can't be verified without a parameter.
>
You just argued for my point. If there is a way for the attacker to indicate that no public key was used (clearing the bit for example) then they will do that and you didn't help your cause. If the CN checked that the IID agreed with the PK in every case, if no PK was available obviously it fails, and if one was available it will either pass or fail as appropriate. A bit didn't help make that decision easier.

The fundamental decision comes down to: does the MN generate a CGA, and send a PK to the CN, or not. If it does the CN has what it needs to verify the IID, and if it doesn't then the receiver might waste a few cycles deciding that the IID is not based on a PK. The action the receiver takes at that point will be exactly the same as if it had seen the proposed bit cleared. THE BIT PROVIDES NO VALUE TO THIS PROCESS.

Tony
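
The receiver-side check discussed in this exchange, IID == hash(pk), with the "no PK available fails" rule from the reply, as an added example that is not part of either message. Assumptions: the IID is taken as the first 64 bits of SHA-256 over the key bytes (the thread gives only IID == hash(pk), not the hash or its inputs), and the prefix and key byte strings are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
from typing import Optional

# Constructed sample values (documentation prefix, placeholder key bytes).
PREFIX = "2001:db8:1:2::/64"
MN_PK = b"constructed-mn-public-key"
OTHER_PK = b"constructed-other-public-key"


def iid_from_pk(pk: bytes) -> bytes:
    """Assumed derivation: IID = first 64 bits of SHA-256(pk)."""
    return hashlib.sha256(pk).digest()[:8]


def make_address(prefix: str, pk: bytes) -> str:
    """MN side: build an address whose low 64 bits are hash(pk)."""
    net = ipaddress.IPv6Network(prefix)
    iid = int.from_bytes(iid_from_pk(pk), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def cn_verify(address: str, pk: Optional[bytes]) -> str:
    """CN side: the address alone is not verifiable; the PK is a required input."""
    if pk is None:
        return "fail: no public key supplied"
    iid = ipaddress.IPv6Address(address).packed[8:]
    # Constant-time comparison of the address IID with the recomputed hash.
    if hmac.compare_digest(iid, iid_from_pk(pk)):
        return "pass"
    return "fail: IID does not match hash(pk)"


if __name__ == "__main__":
    addr = make_address(PREFIX, MN_PK)
    for label, pk in [("MN sends its PK", MN_PK),
                      ("sender presents a different PK", OTHER_PK),
                      ("sender claims no PK was used", None)]:
        print(f"{addr}  {label}: {cn_verify(addr, pk)}")
```
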
