
Re: about draft-bagnulo-multi6dt-hba-00.txt



Hi Francis,


On 28/10/2004, at 18:45, Francis Dupont wrote:

I like the idea

thanks,

but the I-D is hard to read by itself, i.e., the send-cga
I-D is needed to understand things... But this is more a problem about
the organization of the document.


Agree, and I apologize for this.
I think that the outcome is more focused on the specification of the mechanisms rather than on the rationale, which is what should be presented at this stage.


I think that an appendix with an example would help to clarify. I will try to add this.


But section 4 is incomplete:
"2. Modifier generation. Generate a Modifier as a random or
pseudorandom 128-bit value. If a public key has not been provided
as an input, generate the Extended Modifier as a 384-bit random or
pseudorandom value. Format the Extended Modifier as a DER-encoded
ASN.1 structure of the type SubjectPublicKeyInfo defined in the
Internet X.509 certificate profile [3]."
this is underspecified (RSA must be specified) and not clear enough:
IMHO the idea is to get a 384 bit random value and to encode it as
a RSA key in a SubjectPublicKeyInfo DER value.

yes

But there is at least
another interpretation... BTW the encoding gives only a static (i.e.,
easy to precompute : 0x 30 42 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00
03 31 00 <48 octets> but please check :-) prefix.



OK, I will try to clarify this.

Finally I am not convinced a type tag is not required for HBA CGAs, i.e.,
today HBA CGAs are not more usable than CGAs...



I am not following this, could you expand a bit?

Thanks

Francis.Dupont@enst-bretagne.fr

PS: I have an OpenSSL module for CGAs (with new/free/dup/d2i/i2d and
check/sign/verify). I can send it to who'd like to extend it to HBA
(I'm using the standard BSD licence). It should be easy because if I've
understood the design the multi-prefix extension is an extension field?


Great! we are planning to implement HBA, so this would be really helpful. I will contact you later.

Thanks, marcelo


------------------------------------------
Please note that my former email address
mbagnulo@ing.uc3m.es is no longer in use
Please send mail to:
marcelo at it dot uc3m dot es
------------------------------------------
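
Added example (not part of the original message, and not the OpenSSL module mentioned in it): a minimal DER encoder that checks the static prefix quoted above. It assumes the interpretation discussed in the thread, where the 48 random octets are placed directly in the BIT STRING of a SubjectPublicKeyInfo whose AlgorithmIdentifier is rsaEncryption with NULL parameters; the function names are hypothetical.

```python
import os

RSA_ENCRYPTION_OID = "1.2.840.113549.1.1.1"  # rsaEncryption (PKCS #1)
# Prefix quoted in the message above (20 octets before the 48 random octets).
QUOTED_PREFIX = bytes.fromhex("3042300D06092A864886F70D0101010500033100")

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    """Tag-length-value for a single-octet tag."""
    return bytes([tag]) + der_len(len(content)) + content

def encode_oid(dotted):
    """Encode a dotted OID: first two arcs share one octet, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def encode_extended_modifier(rand48):
    """Wrap 48 random octets as SubjectPublicKeyInfo tagged as an RSA key."""
    if len(rand48) != 48:
        raise ValueError("Extended Modifier must be 384 bits (48 octets)")
    alg_id = tlv(0x30, encode_oid(RSA_ENCRYPTION_OID) + tlv(0x05, b""))
    bit_string = tlv(0x03, b"\x00" + rand48)  # leading 0x00 = no unused bits
    return tlv(0x30, alg_id + bit_string)

def extract_extended_modifier(spki):
    """Return the 48 octets, rejecting input that lacks the static prefix."""
    if len(spki) != len(QUOTED_PREFIX) + 48 or not spki.startswith(QUOTED_PREFIX):
        raise ValueError("not an RSA-tagged 384-bit Extended Modifier")
    return spki[len(QUOTED_PREFIX):]

if __name__ == "__main__":
    spki = encode_extended_modifier(os.urandom(48))
    print(spki[:20].hex(" ").upper())
    print("prefix matches quoted bytes:", spki.startswith(QUOTED_PREFIX))
```
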