On 05/25/2013 12:19 AM, Dave Thaler wrote: > I'd also like to see CGAs (3972) added to this analysis. It seems to me > they're > the existing standards-track "random-per-network" addresses. So all of the > "random-per-network" statements would seem apply equally to the existing RFC. > > This draft references that RFC but does not contain any discussion on the > relative use cases. I.e., if I already use CGAs for my "random-per-network" > solution, is there any benefit in this draft? > > What problem is this solving that wasn't already solved by that existing > Proposed Standard RFC?
I could give you multiple reasons for draft-ietf-6manstable-privacy-addresses: * The whole point of CGAs is validating the ownership of an IPv6 address. If you're going to use CGAs for that, that's overkill (bothering with a public key, etc., etc.) * CGAs are more complex and difficult to undestand. OTOH, if one understands RFC1948 or how a hash function works, understanding draf-tietf-6man-stable-privacy-addresses is straightforward. * CGAs are far more expensive than draft-ietf-6man-stable-privacy-addresses. You compute at least two hashes, where in stable privacy you need only one. * CGAs require a specific hash algorithm (SHA-1), since they neey other to be able to verify the CGA. We give implementations to employ the algorithm they feel is more appropriate (based on their specific tradeoffs). * CGAs are IPR encumbered. draft-ietf-6man-stable-privacy-addresses are not. * CGAs cannot be used in conjunction with RFC4941. To be honest, the argument of "using CGAs instead of stable privacy" sounds to me pretty much like "you don't need a hammer, because you can use pliers to knock the nail". Cheers, -- Fernando Gont e-mail: [email protected] || [email protected] PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
