Hi Markus,

Markus Stenberg wrote:
> The question I was trying to phrase is this: If I connect to a network, generate an arbitrary CGA, what value can someone else derive from the fact that they do opportunistic encryption with me, with CGA-based auth as opposed to some arbitrary 'uhm, I am someone. really.' identity scheme?

The value you gain is that once you start communicating with a node using your CGA address, nobody else can claim to be you and communicate with the same node. I think that counts for something.

> The difference in the level of trust between return-routability and actually confirmed IP address (given no other information) seems slim to me, as I wouldn't trust either of them for about any purpose.

CGA-based addresses can guard against on-link attackers, which return routability cannot.

Cheers
Suresh

_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
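
An added illustration of the address-to-key binding discussed in this message (not part of the original post): a simplified RFC 3972 parameter check for Sec=0 only, with no extension fields. The key bytes, modifier and documentation prefix are constructed sample values, and the signature check that proves possession of the private key is assumed to happen separately.

```python
import hashlib
import ipaddress

# RFC 3972 section 5: compare Hash1 with the interface identifier while
# ignoring the three Sec bits and the u/g bits.
ID_MASK = 0x1CFFFFFFFFFFFFFF


def hash1(modifier, prefix, collision_count, public_key):
    """Leftmost 64 bits of SHA-1 over the CGA Parameters (no extension fields)."""
    data = modifier + prefix + bytes([collision_count]) + public_key
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")


def generate_cga(prefix, modifier, public_key, collision_count=0):
    """Build a Sec=0 CGA: subnet prefix followed by the masked Hash1."""
    iid = hash1(modifier, prefix, collision_count, public_key) & ID_MASK
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big"))


def verify_cga(address, modifier, prefix, collision_count, public_key):
    """True if the parameters bind public_key to address (Sec=0 only)."""
    raw = ipaddress.IPv6Address(address).packed
    if collision_count not in (0, 1, 2) or raw[:8] != prefix:
        return False
    iid = int.from_bytes(raw[8:], "big")
    if iid >> 61 != 0:
        return False  # Sec > 0 additionally needs the Hash2 check, not shown
    expected = hash1(modifier, prefix, collision_count, public_key) & ID_MASK
    return expected == (iid & ID_MASK)


def demo():
    # Constructed sample values. A real CGA hashes the DER-encoded public key.
    prefix = bytes.fromhex("20010db800000001")  # 2001:db8:0:1::/64
    modifier = bytes(range(16))
    owner_key = b"constructed-owner-public-key"
    attacker_key = b"constructed-attacker-public-key"
    addr = generate_cga(prefix, modifier, owner_key)
    # An on-link node presenting its own key for the owner's address fails.
    return (addr,
            verify_cga(addr, modifier, prefix, 0, owner_key),
            verify_cga(addr, modifier, prefix, 0, attacker_key))


if __name__ == "__main__":
    print(demo())
```

Replaying the owner's parameters would pass this binding check, which is why the peer also has to verify a signature made with the matching private key.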
