Re: Comments on draft-bagnulo-multi6dt-hba-00.txt
In your previous mail you wrote:
we felt that CGA compatibility was more important than supporting equal
IIDs in the HBAs of a given set (note that we do see some value in
having equal IIDs, for instance for simplified management, but this
cannot be provided in the CGA format)
=> I agree. In fact, to get the same IID for all prefixes is not
a good property IMHO.
> What do you mean by reliability here ?
fault tolerance i.e. the fault tolerance and other features provided by
the multi6 protocol based on the usage of HBAs
I will try to reword this in the draft
=> you should because HBAs are compatible with CGAs...
> 4) When the multi6 state is set up, I assume that the CGA parameter is
> exchanged between the
> communicating parties.
if you mean the CGA parameter data structure including the multiprefix
extension, then yes
(BTW I need to state this explicitly in the draft)
=> the CGA draft is pretty clear about this.
> One of the inferences from the security consideration section is
> that the attacker cannot create an HBA
> set given a set of victim's addresses. It was not very obvious by
> reading the security consideration section.
agree, I will include an example of usage and possible attempts of
attacks, and see if this improves this point
=> in fact this is clearer in the CGA document: this problem is to the
good parameters which will hash to the given 59+16*sec bits (note
the number of prefixes doesn't really matter, i.e., it doesn't add or
remove bits to the problem to solve for attackers).
Thanks
Francis.Dupont@enst-bretagne.fr
PS: BTW CGA IPR holders provide royalty-free licenses only for SEND,
can they update their IPR texts on the IETF web for HBAs too?
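
Added example, not part of the original message or of the draft: a sketch of generating and verifying an HBA set with the CGA hash layout (SHA-1 Hash1/Hash2), showing that each address binds 59 hash bits plus 16*sec zero bits to the whole prefix set. The function names, the sample prefixes and key bytes, and the simplified encoding of the multiprefix extension are assumptions.

```python
import hashlib
import ipaddress

# Constructed sample inputs (documentation prefixes, placeholder key bytes).
PREFIXES = ["2001:db8:1::", "2001:db8:2::"]
KEY = b"constructed-public-key-or-nonce"

def prefix8(p):
    return ipaddress.IPv6Address(p).packed[:8]

def multiprefix_ext(prefixes):
    # Assumption: simplified stand-in for the multiprefix extension
    # (just the 64-bit prefixes concatenated, no type/length header).
    return b"".join(prefix8(p) for p in prefixes)

def hash2_ok(modifier, key, ext, sec):
    # Hash2: prefix and collision count are zeroed (9 octets); the leftmost
    # 16*sec bits of the digest must be zero.
    h = hashlib.sha1(modifier + bytes(9) + key + ext).digest()
    return int.from_bytes(h[:14], "big") >> (112 - 16 * sec) == 0

def iid(modifier, pfx, key, ext, sec):
    # Hash1 includes the prefix. Of its leftmost 64 bits, 3 carry sec and
    # 2 are the u/g bits (cleared), leaving 59 hash bits in the IID.
    h = hashlib.sha1(modifier + pfx + b"\x00" + key + ext).digest()
    return bytes([(h[0] & 0x1C) | (sec << 5)]) + h[1:8]

def generate(prefixes, key, sec, start=0):
    # One modifier search for the whole set, then one Hash1 per prefix.
    ext = multiprefix_ext(prefixes)
    m = start
    while not hash2_ok(m.to_bytes(16, "big"), key, ext, sec):
        m = (m + 1) % (1 << 128)
    mod = m.to_bytes(16, "big")
    return mod, [ipaddress.IPv6Address(prefix8(p) + iid(mod, prefix8(p), key, ext, sec))
                 for p in prefixes]

def verify(addr, modifier, prefixes, key):
    # The address must use a prefix from the set, and both hashes must match.
    raw = ipaddress.IPv6Address(addr).packed
    sec = raw[8] >> 5
    ext = multiprefix_ext(prefixes)
    return (raw[:8] in [prefix8(p) for p in prefixes]
            and hash2_ok(modifier, key, ext, sec)
            and iid(modifier, raw[:8], key, ext, sec) == raw[8:])

if __name__ == "__main__":
    mod, addrs = generate(PREFIXES, KEY, sec=1)
    for a in addrs:
        print(a, verify(a, mod, PREFIXES, KEY))
```

Verification fails for any parameter set whose prefix list differs from the one used at generation, and the IIDs differ per prefix because the prefix is an input to Hash1.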