In response to comments on draft draft-zhou-6man-mhash-cga-00

1. Please refer to RFC 3972, section 7.2:

"This increases the cost of address generation approximately by a factor of 2^(16*Sec). It also increases the cost of brute-force attacks by the same factor. That is, the cost of creating a CGA Parameters data structure that binds the attacker's public key with somebody else's address is increased from O(2^59) to O(2^(59+16*Sec)). The address generator may choose the security parameter Sec depending on its own computational capacity, the perceived risk of attacks, and the expected lifetime of the address. Currently, Sec values between 0 and 2 are sufficient for most IPv6 nodes. As computers become faster, higher Sec values will slowly become useful."

So although the hash output length and the Sec parameter are two different things, they can be added together and evaluated as a whole. If there are doubts, I suggest asking the CFRG people to consider it.

2. When considering the computation part for the good guys, since it has been suggested to use a high Sec value, 2^(16*Sec) is already too much work to do (when Sec=3, it costs thousands of hours), so it is not distinguishable with plus 3. And it has already been proposed to delegate the generation of the CGA to a third party when using a high Sec.
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
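The following is an added example, not part of the original message or of the draft: a sketch of CGA generation and verification following RFC 3972 sections 4 and 5, showing where the 2^(16*Sec) factor quoted above comes from (the Hash2 search over the modifier). The public key is a constructed placeholder rather than a real DER-encoded key, extension fields are omitted, and the fixed starting modifier is an assumption made for repeatability.

```python
import hashlib
import ipaddress

PREFIX = bytes.fromhex("20010db800000000")        # 2001:db8::/64, documentation prefix
PUBKEY = b"constructed-placeholder-public-key"    # constructed; RFC 3972 uses a DER-encoded key

def hash2_ok(modifier: bytes, pubkey: bytes, sec: int) -> bool:
    # Hash2 input: modifier | 9 zero octets | public key (no extension fields here)
    digest = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return digest[:2 * sec] == bytes(2 * sec)     # 16*Sec leftmost bits must be zero

def generate_cga(prefix: bytes, pubkey: bytes, sec: int, start: int = 0):
    """Return (address, modifier, tries); `start` stands in for the random modifier."""
    mod, tries = start, 1
    while not hash2_ok(mod.to_bytes(16, "big"), pubkey, sec):
        mod = (mod + 1) % (1 << 128)              # expected 2^(16*Sec) iterations
        tries += 1
    modifier = mod.to_bytes(16, "big")
    # Hash1 input: modifier | subnet prefix | collision count (0) | public key
    h1 = bytearray(hashlib.sha1(modifier + prefix + b"\x00" + pubkey).digest()[:8])
    h1[0] = (sec << 5) | (h1[0] & 0x1C)           # Sec in 3 leftmost bits, u/g bits cleared
    return ipaddress.IPv6Address(prefix + bytes(h1)), modifier, tries

def verify_cga(addr, modifier: bytes, pubkey: bytes, collision_count: int = 0) -> bool:
    if collision_count not in (0, 1, 2):
        return False
    prefix, iid = addr.packed[:8], addr.packed[8:]
    sec = iid[0] >> 5                             # verifier reads Sec from the address itself
    h1 = hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()[:8]
    mask = b"\x1c" + b"\xff" * 7                  # ignore Sec, u and g bits: 59 bits compared
    if any((a & m) != (b & m) for a, b, m in zip(h1, iid, mask)):
        return False
    return hash2_ok(modifier, pubkey, sec)

if __name__ == "__main__":
    for sec in (0, 1):                            # Sec=2 already needs about 2^32 hashes
        addr, modifier, tries = generate_cga(PREFIX, PUBKEY, sec)
        print(f"Sec={sec} tries={tries} address={addr} "
              f"valid={verify_cga(addr, modifier, PUBKEY)}")
```

Verification costs two hashes regardless of Sec; only the party searching for a modifier, whether the address owner or an attacker, pays the 2^(16*Sec) factor.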
