
Re: Advantages and disadvantages of using CB64 type of identifiers



> I mean, if the iid is used by apps to provide some form of
> authentication/authorization, having a public key that matches with the
> iid may enable one to impersonate the real owner of the iid, right?
> And since the iids are crypto, one may assume that apps may want to use
> them for authentication, I guess.
> But this may depend on the details, I guess.

If the upper layers, the application itself, TLS, and IPsec,
*only* use the AID as the identifier (and not a certificate name with a PKI,
or a longer hash of the same public key that was used to generate the CGA)
then this would be a concern.

But I suspect that even opportunistic IPsec would rely on having e.g. the
full public keys in the DNS or something similar.

Hence hash collisions would only be useful for redirecting the encrypted
content.

   Erik
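
The distinction drawn in this message, as an added example that is not part of the original thread: a verifier that accepts a peer on the short identifier alone is fooled by any key that hashes to the same identifier, while one that also checks a full-length hash of the public key is not. Assumptions: the identifier is a plain truncated SHA-256 (not the actual CGA/CB64 derivation), it is shortened to 16 bits so a second matching key turns up in a short loop, and the "keys" are constructed byte strings standing in for real public keys.

```python
import hashlib
import hmac

ID_BITS = 16  # assumption: shortened from 64 bits so the demo finishes quickly


def short_id(public_key: bytes, bits: int = ID_BITS) -> int:
    """Leading `bits` of SHA-256(key): a stand-in for a crypto-based identifier."""
    digest = hashlib.sha256(public_key).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def full_fingerprint(public_key: bytes) -> bytes:
    """The 'longer hash of the same public key' an upper layer could pin."""
    return hashlib.sha256(public_key).digest()


def find_colliding_key(target_id: int, bits: int = ID_BITS) -> bytes:
    """Walk constructed byte strings until one maps to the same short identifier."""
    counter = 0
    while True:
        candidate = b"constructed-other-key-" + counter.to_bytes(8, "big")
        if short_id(candidate, bits) == target_id:
            return candidate
        counter += 1


def accept_by_id_only(expected_id: int, presented_key: bytes) -> bool:
    """Weak check: the upper layer trusts the short identifier and nothing else."""
    return short_id(presented_key) == expected_id


def accept_by_full_key(expected_id: int, expected_fp: bytes,
                       presented_key: bytes) -> bool:
    """Stronger check: identifier must match AND the full key hash must match."""
    return (short_id(presented_key) == expected_id and
            hmac.compare_digest(full_fingerprint(presented_key), expected_fp))


if __name__ == "__main__":
    owner_key = b"constructed-owner-public-key"
    owner_id = short_id(owner_key)
    other_key = find_colliding_key(owner_id)
    print("identifier only, other key:", accept_by_id_only(owner_id, other_key))
    print("full key hash, other key:  ",
          accept_by_full_key(owner_id, full_fingerprint(owner_key), other_key))
    print("full key hash, owner key:  ",
          accept_by_full_key(owner_id, full_fingerprint(owner_key), owner_key))
```
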