Re: Reasonable to use crypto in all communications? (Re: Fwd: Minutes/Notes)

[Erik Nordmark <Erik.Nordmark@sun.com>]

> What comes to crypto binding, I am only aware of two possibilities:
> Using asymmetric keys (or something similar) as primary identifiers,
> or using CGA (or something similar).  All the other solutions that
> I know about require some kind of infrastructure, some kind of
> an enrollment procedure, or both.

I guess I don't really understand your categorization.

If one wants to have the IP packets be bound to some existing identity
(like something one would find in a PKI: subject-name erik.nordmar@sun.com
with some particular trust anchor) then one would always need something
at least approximating a PKI.

If one is only concerned about the IP packets be bound to some ephemeral
(and meaningless to higher level protocols?) identity than one can either
have the primary identifier be variable length (e.g. a public key; 
a (self-signed) certificate), or fixed length (e.g. a hash of a public key
or a hash of a (self-signed) certificate).
That still allows the identifiers to be long-term stable, as well as new
identifiers being fabricated on the fly to get "anonymity".

Finally, if one only is concerned about being able to verify that some IP
packet is sent by the same entity that sent some previous IP packet, then
PBK type approaches would seem to fit (e.g. do an anonymous DH exchange up
front and use the resulting key to protect changes to the id/loc mapping.)

  Erik