Erik, > Perhaps the question was about the whole address and not just the interface > ID. You've described how the interface ID is crypgraphically tied to a > public key. But this doesn't per-se prevent somebody fabricating a > CGA address using an arbitrary prefix.
You are right. Michael & Tuomas suggested that "stuff" included also the prefix, hence iid = low64(hash(PK, prefix, stuff)) & mask This makes it harder to transfer iids from one link to another, or to create pre-computed iids. But it doesn't prevent "fabricanting" CGA addresses; they are all fabricated by the host itself, after all. That is explained in detail in draft-roe-mobileip-updateauth-02.txt. What CGA is all about is that it is (believed to be) hard to create two create two <PK, stuff> pairs that happen to have the same IID, or -- more importantly -- to find a <PK, stuff> pair that yields a given IID. That also set some restrictions on what one can include in "stuff". > The way to avoid this for MIPv6 is to do a return routability test > when the CGA address is verified. The RR test would ensure that the > peer is reachable at the prefix. (And the RR test would essentially be done > as part of the challenge to have the peer sign the nonce using the private > key.) That's right. CGA alone doesn't really show that somebody "owns" an address. In the non-local case, you must always perform the RR test also, they way you note. --Pekka -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------