Right, there is work on making CGAs crypto-agile and it was presented in a previous int-area meeting at IETF 66 (http://www3.ietf.org/proceedings/06jul/minutes/intarea.txt item 6).
However, there's another SEND issue that arose in a discussion I was in. Is there any EKU defined for the X.509 certs used for securing Router Discovery, that authorizes use as a router? I can't find one, meaning the only option is to issue a cert that is valid for all possible purposes. Or am I missing something?

-Dave

> -----Original Message-----
> From: Suresh Krishnan [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 04, 2007 10:10 AM
> To: Bernard Aboba
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Int-area] Re: SeND & CGA Extensions BOF
>
> Hi Bernard,
>
> Bernard Aboba wrote:
> > I have a basic concern with the use of CGA in the IETF, which is that the
> > CGA design is not currently crypto-agile.
>
> Yes. This is a big concern. Marcelo and Jari wrote a draft about
> updating CGAs to use multiple hash functions.
>
> http://www.ietf.org/internet-drafts/draft-bagnulo-multiple-hash-cga-03.txt
>
> This is an individual submission and is in the RFC Editor's queue.
>
> Cheers
> Suresh
>
>
> _______________________________________________
> Int-area mailing list
> [email protected]
> https://www1.ietf.org/mailman/listinfo/int-area
