> We would appreciate very much feedback from members of the IPv6 WG on
> this internet draft.

I am supportive of the general idea of reserving a prefix for "statistically unique identifiers" that are derived from some kind of cryptographic ID. However, I have a problem with the specified syntax:

    Input      := any bitstring
    Hash Input := Context ID | Input
    Hash       := SHA1( Expand( Hash Input ) )
    KHI        := Prefix | Encode_n( Hash )

This syntax includes a static reference to the SHA1 hash function and to the "encode_n" extraction function. As a general rule, hard coding a specific cryptographic algorithm in a standard is a very bad idea. In fact, SHA1 is already suspect. The syntax should allow for an identification of the algorithm as part of the "hash input". I would much prefer seeing the syntax modified to explicitly allow for an arbitrary hashing function, maybe something like:

    Input      := any bitstring
    Hash Input := Algorithms ID | Context ID | Input
    Hash       := Hash( Expand( Hash Input ) )
    KHI        := Prefix | Encode_n( Hash )

In the proposed syntax, "algorithms ID" identifies the hash function, the expand function, and the encode_n function. It may also identify a particular syntax for the Input data, e.g. whether some type of certificate is expected.

-- Christian Huitema

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
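
The modified syntax proposed in the message above, worked through as an added example (not part of the original message or of the draft). It shows that placing the Algorithms ID inside the hash input binds each identifier to the algorithm that produced it. The one-byte ID encoding, the registry values, the identity `expand`, the leftmost-bits `encode_n` and the prefix are all assumptions made for illustration.

```python
import hashlib
import ipaddress

# Hypothetical Algorithms ID registry: the message proposes the field but
# assigns no values. Each ID would select the hash, Expand and Encode_n
# together; in this sketch only the hash function varies.
ALGORITHMS = {1: hashlib.sha1, 2: hashlib.sha256}

# Constructed placeholder prefix, not an assigned one.
PREFIX = ipaddress.IPv6Network("2001:db0::/28")


def expand(hash_input: bytes) -> bytes:
    """Assumption: identity. The message does not define Expand."""
    return hash_input


def encode_n(digest: bytes, n: int) -> int:
    """Assumption: keep the leftmost n bits of the digest."""
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - n)


def make_khi(alg_id: int, context_id: bytes, data: bytes) -> ipaddress.IPv6Address:
    """KHI := Prefix | Encode_n( Hash( Expand( Algorithms ID | Context ID | Input ) ) )"""
    try:
        hash_fn = ALGORITHMS[alg_id]
    except KeyError:
        # Fail closed on an ID this implementation does not know.
        raise ValueError(f"unknown Algorithms ID {alg_id}") from None
    # The one-byte encoding of the Algorithms ID is an assumption.
    hash_input = bytes([alg_id]) + context_id + data
    digest = hash_fn(expand(hash_input)).digest()
    n = 128 - PREFIX.prefixlen
    return ipaddress.IPv6Address(int(PREFIX.network_address) | encode_n(digest, n))


def verify_khi(khi, alg_id: int, context_id: bytes, data: bytes) -> bool:
    """Recompute the identifier under the claimed algorithm and compare."""
    return make_khi(alg_id, context_id, data) == khi


if __name__ == "__main__":
    ctx = bytes(16)                        # constructed Context ID
    key = b"constructed public key bytes"  # constructed Input
    for alg in ALGORITHMS:
        print(alg, make_khi(alg, ctx, key))
```
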