Hi Stewart,

Isn’t it good to have separate crypto functions for the payload and the address? With separate public keys, for payload they are only exchanged between the 2 end points and for addresses by select entities responsible for forwarding.

-Kiran

From: Int-area <[email protected]> on behalf of Stewart Bryant <[email protected]>
Date: Monday, February 8, 2021 at 03:32
To: Jiayihao <[email protected]>
Cc: [email protected] <[email protected]>, int-area <[email protected]>, [email protected] <[email protected]>
Subject: Re: [Int-area] The small address use case in FlexIP

The problem with this approach is that you only secure the address and not the rest of the packet, so you end up with two crypto functions to execute.

Also there are other contenders for the suffix such as the arrival action as per network programming, and the perhaps per hop action as per foam.

Now I suppose that this simply means a much longer address and the semantics of the stuff that follows the prefix is defined by the address, but then I think that it is better to simply call that a blob defined by the prefix rather with no formal semantics in the protocol and leave the definition of the blob to the network application designers.

There is clearly quite a lot to study in terms of multi-semantics which I think really should be taken out and put in its own draft.

- Stewart

On 8 Feb 2021, at 10:05, Jiayihao <[email protected]> wrote:

As for an address embedding a public key, it need not carry any algorithm in the address. It would be much better to carry the public key by address, while indicating the algorithm by protocol. I think CGA is a good instance of involving the address in cryptography.

For forwarding efficiency, a public key can be only set as a suffix, thus the forwarder could process the prefix only, and thus the cryptography related stuff may not hinder the lookup efficiency.

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
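
The scheme in the oldest message of this thread (key material in the address suffix, forwarders matching on the prefix only, CGA as the precedent), as an added example that is not code from any participant in the thread. It follows the RFC 3972 Hash1 generation and verification steps for Sec = 0 only, where the suffix carries a SHA-1 hash of the key rather than the key itself; the function names are hypothetical, and the 2001:db8 prefix and placeholder key bytes are constructed.

```python
import hashlib
import ipaddress
import os

# Interface-identifier bits that carry hash output: all except the three
# Sec bits (0-2) and the u/g bits (6-7), as laid out in RFC 3972.
HASH_MASK = 0x1CFFFFFFFFFFFFFF

def _hash1(modifier, prefix, collision_count, public_key):
    # CGA Parameters: modifier || subnet prefix || collision count || key
    params = modifier + prefix + bytes([collision_count]) + public_key
    return int.from_bytes(hashlib.sha1(params).digest()[:8], "big")

def generate_cga(subnet, public_key, modifier=None, collision_count=0):
    """Return (address, modifier) for a Sec = 0 CGA in the given /64."""
    net = ipaddress.IPv6Network(subnet)
    if net.prefixlen != 64:
        raise ValueError("CGA needs a 64-bit subnet prefix")
    modifier = os.urandom(16) if modifier is None else modifier
    if len(modifier) != 16:
        raise ValueError("modifier must be 16 octets")
    prefix = net.network_address.packed[:8]
    # Masking zeroes the Sec bits (Sec = 0) and the u/g bits.
    iid = _hash1(modifier, prefix, collision_count, public_key) & HASH_MASK
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), modifier

def verify_cga(address, public_key, modifier, collision_count=0):
    """Check that the suffix of `address` is bound to `public_key`."""
    packed = ipaddress.IPv6Address(address).packed
    if collision_count not in (0, 1, 2) or len(modifier) != 16:
        return False
    iid = int.from_bytes(packed[8:], "big")
    if iid >> 61 != 0:  # assumption: this sketch handles Sec = 0 only
        return False
    expected = _hash1(modifier, packed[:8], collision_count, public_key)
    return (iid & HASH_MASK) == (expected & HASH_MASK)

def forwarding_key(address):
    """What a forwarder looks up: the 64-bit prefix, suffix untouched."""
    return ipaddress.IPv6Address(address).packed[:8]

if __name__ == "__main__":
    # Constructed sample input: placeholder bytes stand in for a DER key.
    key = b"constructed placeholder public key (not real DER)"
    addr, mod = generate_cga("2001:db8:1:2::/64", key)
    print(addr, verify_cga(addr, key, mod), forwarding_key(addr).hex())
```

Only the end that wants to check key ownership runs `verify_cga`; `forwarding_key` never reads the suffix, which is the lookup-efficiency point made in the thread.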
