Re: Advantages and disadvantages of using CB64 type of identifiers
> - source locator rewriting by edge routers is precluded
> - changes in the prefix imply changes in the identifiers
> - so when the mh site changes ISPs it will need
> to renumber both its locators and its identifiers
Hmm - this assumes that the IID is different for each prefix.
My understanding is that SeND chose different IIDs for different prefixes
but that might be overkill. If the IID is not a function of the prefix
it would enable redirection by a resourceful attacker
by precomputing 2^64 public/private keys that hash to all 2^64 IIDs.
If the content of the packets is encrypted the redirection would not
provide access to the content; it could only be used for DoS or for
gathering the content for cryptanalysis.
A while back Jari Arkko computed the amount of space needed to store
2^64 precomputed keys, and the storage space was a few buildings the size
of the former World Trade Center buildings I think.
An organization which is willing to spend that many resources today on
redirecting packets can probably do it more efficiently by gaining access
to links within or between large ISPs.
So the question is whether we believe that the cost of the precomputation
and storage would drop so much over 20 years that this would become one
of the more attractive ways to DoS or gather data for cryptanalysis.
Erik
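
An added example, not part of Erik's message: a simplified hash-based IID derivation (not the SeND/CGA encoding) that measures how much of a precomputed key-to-IID table stays valid when the site's prefix changes, with and without the prefix in the hash input. The keys are constructed stand-ins, the prefixes are documentation addresses, and the 128-byte table entry size is an assumption.

```python
import hashlib

def derive_iid(pubkey: bytes, prefix: bytes, bind_prefix: bool) -> int:
    """Toy 64-bit IID: leftmost 64 bits of SHA-1 over the key, optionally
    with the 64-bit routing prefix mixed in (simplified, hypothetical layout)."""
    data = (prefix + pubkey) if bind_prefix else pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")

def stand_in_key(i: int) -> bytes:
    """Constructed stand-in for a public key; no real key pair is generated."""
    return hashlib.sha256(b"constructed-key-%d" % i).digest()

def build_table(n: int, prefix: bytes, bind_prefix: bool) -> dict:
    """Map IID -> key for n stand-in keys, as computed under one prefix."""
    return {derive_iid(k, prefix, bind_prefix): k
            for k in map(stand_in_key, range(n))}

def reusable_fraction(table: dict, new_prefix: bytes, bind_prefix: bool) -> float:
    """Share of table entries whose key still maps to the same IID
    once the IID is derived under new_prefix."""
    still_valid = sum(1 for iid, key in table.items()
                      if derive_iid(key, new_prefix, bind_prefix) == iid)
    return still_valid / len(table)

def full_table_bytes(iid_bits: int = 64, bytes_per_entry: int = 128) -> int:
    """Storage for one entry per possible IID (entry size is an assumption)."""
    return (1 << iid_bits) * bytes_per_entry

# Constructed sample prefixes from the 2001:db8::/32 documentation range.
PREFIX_A = bytes.fromhex("20010db800010000")
PREFIX_B = bytes.fromhex("20010db800020000")

if __name__ == "__main__":
    for bind in (False, True):
        table = build_table(2000, PREFIX_A, bind)
        frac = reusable_fraction(table, PREFIX_B, bind)
        print(f"prefix in hash input: {bind!s:5}  "
              f"entries still valid under another prefix: {frac:.2%}")
    print(f"one full table at 128 bytes/entry: {full_table_bytes() / 2**70:.0f} ZiB")
```

When the prefix is part of the hash input, a table computed for one prefix is useless for any other, so the storage figure applies per prefix rather than once for every site.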