
Re: cb64



> I have been rereading the cb64 draft, and I was wondering about the 
> fact that the IID is independent of the prefix. This was discarded in 
> SeND AFAIK in order to prevent dictionary attacks. Do you think that 
> cb64 should adopt a similar protection against these attacks?

If we decide to pursue this approach further, this should definitely be
looked at carefully.

> In this case, the IID would differ among locators, and probably it 
> would be needed to change the id used. Perhaps the id could be the 
> public key rather than its hash (as in HIP).

ok. But this id would still be internal to the multihoming sublayer.

> I don't know how much this change would affect the defined protocol. In 
> particular you would need to exchange the public key beforehand, which 
> is not currently required. This would add overhead when no additional 
> locator is needed, I am afraid.

I don't see why one would need to pass the key earlier.
One would have to change how the context is identified on reception
from using the IID+flow label to only using the flow label
(which limits each host to 1 million contexts; unless we carry an explicit
larger context tag in the packet as in SIM).

But the protocol can still defer the public key operations until the first
locator change as far as I can tell.

   Erik