Hi JM,
Jean-Michel Combes wrote:
> Agree but:
>
> o For NS/NA/RS
> When there is a CGA option, the key hash field MUST contain the hash
> of the CGA public key but the CGA public key is already in the CGA
> Parameters field in the CGA option.
>
> o For RA
> In the case where there is no CGA option, the key hash should be the
> hash of the public key from the Router Authorization Certificate but this
> key is already in this cert.
>
> So, in the two cases, you already have the key, so why do you need to
> have a hash of the key too?

The Key Hash field is necessary in the RSA signature option because the
signer can be different from the address owner. In this case:
* The Key Hash in the RSA signature option is the hash of the public key
  of the signer.
* The public key in the CGA params field is that of the address owner.

RFC3971 does not make such a distinction and hence this field does not
make sense in the context of RFC3971 only. I think it has been left in
there as an extension mechanism.
Cheers
Suresh
_______________________________________________
CGA-EXT mailing list
https://www.ietf.org/mailman/listinfo/cga-ext
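
Added example, not part of the original thread: a sketch of how a receiver could use the Key Hash field to pick the verification key when the signer may differ from the address owner. The Key Hash is computed as RFC 3971 defines it (leftmost 128 bits of SHA-1 over the encoded public key); the function names, the "delegate" label and the key byte strings are constructed for illustration.

```python
import hashlib
import hmac

def key_hash(encoded_public_key: bytes) -> bytes:
    """Key Hash per RFC 3971: leftmost 128 bits of SHA-1 over the encoded key."""
    return hashlib.sha1(encoded_public_key).digest()[:16]

def select_verification_key(sig_key_hash, cga_public_key, other_keys):
    """Pick the key named by the RSA Signature option's Key Hash field.

    sig_key_hash   -- 16-byte Key Hash taken from the RSA Signature option
    cga_public_key -- key from the CGA Parameters (address owner), or None
    other_keys     -- {label: encoded key} the receiver already knows,
                      e.g. from certificates (hypothetical store)
    Returns (label, key), or None when no known key matches.
    """
    if len(sig_key_hash) != 16:
        raise ValueError("Key Hash field must be 128 bits")
    # Plain RFC 3971 case: the address owner is also the signer.
    if cga_public_key is not None and hmac.compare_digest(
            key_hash(cga_public_key), sig_key_hash):
        return ("cga-owner", cga_public_key)
    # Extension case from the reply above: signer differs from the owner.
    for label, key in other_keys.items():
        if hmac.compare_digest(key_hash(key), sig_key_hash):
            return (label, key)
    return None  # unknown signer: the signature cannot be checked

# Constructed stand-ins for DER-encoded public keys (not real keys).
OWNER_KEY = b"constructed-address-owner-public-key"
SIGNER_KEY = b"constructed-delegated-signer-public-key"
KNOWN = {"delegate": SIGNER_KEY}

if __name__ == "__main__":
    cases = (("owner signs", OWNER_KEY),
             ("delegate signs", SIGNER_KEY),
             ("unknown signer", b"constructed-unknown-key"))
    for name, signer in cases:
        match = select_verification_key(key_hash(signer), OWNER_KEY, KNOWN)
        print(name, "->", match[0] if match else None)
```

A matching hash only selects the key: the signature still has to verify under it, and whether that signer may act for the address is a separate authorization decision.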