Henderson, Thomas R wrote:
As I briefly mentioned today, there has been some complementary work in the HIP RG that discusses the handling of non-routable identifiers in legacy applications: http://www.ietf.org/internet-drafts/draft-henderson-hip-applications-02.txt, the main differences being the use of KHI (now ORCHIDs) in HIP instead of CGAs.
Is there an ORCHID draft? (I'm curious what might have changed other than the name.)
Until recently, the HIP drafts defined a "Type 2" HIT with the property that the upper 64 bits contained support for two levels of hierarchical naming (enabling reverse resolution), with the lower bits being drawn from a hash of the public key, but this HIT type was dropped due to lack of interest last year: http://www1.ietf.org/mail-archive/web/hipsec/current/msg01519.html
It was also felt by some that 64 bits of hash was insufficient to protect the binding between HIT and public key.
I can understand the 64-bit concern for HIP, since HIP is securing the payload. Hence the comparison is with the strength that IKE can provide.
But shim6 is only preventing redirection attacks; if one cares about payload protection one would run IPsec, TLS, etc above shim6.
For the redirection threats, 64 bits is probably plenty.

Erik