Hi,
I have read this document and i have some questions.
In the introduction you state:
The secure neighbor discovery usage scenarios have recently been
extended to include environments with mobile or nomadic nodes. These
nodes can often be limited in power and memory capabilities, and thus
may only be able to support lightweight public key cryptography; that
is, RSA-based public keys and algorithm support may not be feasible.
But the proposed solution still requires to have an RSA key in the
Public Key field of the CGA PDS, right?
So, i am confused about how the goal of not having RAS keys is achieved
with this apporach
next:
The secure neighbor discovery usage scenarios have recently been
extended to include environments with mobile or nomadic nodes. These
nodes can often be limited in power and memory capabilities, and thus
may only be able to support lightweight public key cryptography; that
is, RSA-based public keys and algorithm support may not be feasible.
i am not sure this belongs to this doc or to the send one
then it reads:
However , it should be noted that the resulting security level of a
multiple-key CGA is only that of the weakest key. Therefore, the
requirement remains that every key in use should have a security
level matching or exceeding that of a 384-bit RSA key.
I am not sure this is true
I mean, this depends on how the receiving node is implemented, right? I
mean, if the receiver only acceptes keys with a given length, then it
won't accept signatures with other shorter keys, even if the keys are
part of the CGA.
Regards, marcelo
_______________________________________________
CGA-EXT mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cga-ext
