Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006

[Francis Dupont <Francis.Dupont@point6.net>]

 In your previous mail you wrote:

   so for multihoming purposes, which is the scope of this working group, 
   the security of the shim6 protocol provided by HBA and CGA are exactly 
   equivalent right?
   
=> HBA is the weaker mechanism providing the required security for
multi-homing. This doesn't change my argument saying than
HBA < CGA < IPsec or address sharing < ownership < authentication.

   > => I am afraid you believe any bit string is a valid public key, this 
   > is
   > not the case for RSA. It does not matter for real brute force attacks
   > (the modifier is long enough) but should matter for more sophisticate
   > attacks using some vulnerabilities in the hash function.
   
   but this is exactly why the modifier is included in the initial part of 
   the string, in order to prevent other type of attacks (i.e. the part 
   that is easy to change is at the begining, so the attacker cannot 
   benefit from precomputed parts of the hash)
   
=> you do an assumption about possible more sophisticate attacks
which can be false (and nobody knows as they are possible and likely
not yet known), i.e., this detail in the design is good but perhaps far
from to be enough.

Regards
   
Francis.Dupont@point6.net