Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006



Resent for Francis Dupont, as his posting was bounced by the shim6 list manager (non-member submission).

======================

In your previous mail you wrote:

   > Here we are in trouble because the main threat is hard: the best known
   > defense, mutual strong authentication, is not deployable. So we get
   > poor mechanisms (like RR) and we try to improve them (like CBA) against
   > secondary threats when the main one still remains... I really like
   > to see shim far better than mip!
   >

   but do you think that the security resulting with HBAs and the
   additional mechanisms available in shim are good enough?

=> HBAs are weaker than CGAs (which provide ownership using the signature),
and than standard strong authentication (using some kind of PKI).
Without the hash extension IMHO they would be too weak, now we have
to take advice from cryptographers to understand if/how to improve them...

Regards

Francis.Dupont@point6.net

PS: BTW my employer when I implemented HBAs was "GET/ENST Bretagne".