Hi Julien,

Julien Laganier wrote:
> Hello Ana, CSI'ers,
>
> I think I disagree with the paragraph of the draft copied below my note.
> To me it seems OK to specify that SEND should use the same hash function
> as CGA. Since they are used together to provide security, and since
> the security of the resulting system can't be stronger than the weakest
> of its components, the maximum level of security can be reached by
> choosing mechanisms (hash functions in this case) with similar security
> strength for both CGA and SEND.
> Improving the security level of only one of the components would not
> increase the overall security of the system.
>
> Has anybody an opinion on the topic?

I do :-). I agree with you conceptually, but there might be a point in
time (near future) where SEND may be used without CGAs. And hence we
cannot just state "use the same hash function as CGA". With this in
mind, do you agree with us?
Cheers
Suresh
_______________________________________________
CGA-EXT mailing list
https://www.ietf.org/mailman/listinfo/cga-ext