Hello Ted,
> This idea doesn't make sense to me from a security perspective--based
> on my probably naive understanding of CGA, it seems like this would
> mean that the private key would have to be sent over the wire in the
> clear.
I apology for not speaking for this draft directly (I only read the
draft a long time ago). However, for a CGA to be computed (remotely or
locally), you only need few public parameters (subnet prefix, public
key and such).
Actually, the CGA document (RFC 3972) makes no use of the private key
during the CGA generation and verification process. This is why you
usually need SEND (or a similar mechanism) to achieve the proof of
ownership (through a signature realized by the private key).
So, as long as the public/private key are generated on the node, I
would say that you will not need to communicate the private key (in
clear or in a ciphered form).
Hope it helps.
Regards,
Tony
_______________________________________________
CGA-EXT mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cga-ext
