Hi, Hosnieh,

Thanks so much for your feedback! Please find my comments inline...


On 12/17/2012 12:18 PM, Rafiee, Hosnieh wrote:
> Follow-up
> 
> To clarify my question from my last email, I raise three important
> issues here:
> 
> 1 - The assumption made in this draft is not true because, according

What's the "assumption" you're referring to?



> 2 - It takes the same cryptographic approach as explained for CGA in
> RFC 3972 (sec value 0). The main reason for using CGA is because of
> the generation of a random IID, regardless of whether or not it is
> used in SEND. Now the real question is what are the differences
> between this algorithm and those explained in RFC 3972 and RFC 4941?

RFC4941 generates random addresses that change over time -- they are not
stable within the same network. And they are generated *in addition* to
the traditional SLAAC addresses.

When it comes to CGAs, some of them include:

* draft-ietf-6man-stable-privacy-addresses is simpler, and has fewer
requirements on the host. e.g., each host can use whatever hash
algorithm they want, since no other host will need to "verify" the address.

* The goal of CGAs is that you do have access to all the input materials
to the hash function and know all of the implementation details, such
that any node can regenerate/verify the IID. The goal of
*stable-privacy-addresses is that you *cannot* generate the IIDs (hence
we rely on a secret key).

* It doesn't make much sense to use CGAs along with Privacy addresses
(RFC4941) -- or else an attacker would always use RFC4941, such that
hosts cannot verify the CGAs. OTOH, *stable-privacy-addresses are
orthogonal to RFC 4941.


> 3- the result of these false assumptions is that the possibility of
> attacks is probable is false too.

Please state which "assumptions" you're referring to.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
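
The contrast drawn in the reply above, as an added example that is not code from the draft, from RFC 3972, or from either correspondent: a keyed IID that stays stable per prefix but cannot be regenerated without the host's secret, next to an RFC 3972 Hash1 computation with Sec=0 whose inputs are all public. Assumptions: HMAC-SHA256 as the host's chosen hash, the input layout of `stable_privacy_iid`, the interface name, and all sample keys and prefixes (constructed); the CGA side omits extension fields.

```python
import hashlib
import hmac
import ipaddress

def prefix64(prefix: str) -> bytes:
    """First 64 bits of an IPv6 /64 prefix."""
    return ipaddress.IPv6Network(prefix).network_address.packed[:8]

def stable_privacy_iid(secret_key: bytes, prefix: str, iface: str) -> bytes:
    """Keyed IID: stable per (prefix, interface), not reproducible without the key.
    Assumption: HMAC-SHA256 and this input layout; the host may pick any
    hash because no other node ever has to verify the result."""
    msg = prefix64(prefix) + iface.encode()
    return hmac.new(secret_key, msg, hashlib.sha256).digest()[:8]

def cga_sec0_iid(modifier: bytes, prefix: str, collisions: int, pubkey: bytes) -> bytes:
    """RFC 3972 Hash1 with Sec=0 (simplified: no extension fields).
    Every input is public, so any node can recompute and verify the IID."""
    data = modifier + prefix64(prefix) + bytes([collisions]) + pubkey
    iid = bytearray(hashlib.sha1(data).digest()[:8])
    iid[0] &= 0x1C  # Sec bits (top three) = 0, u and g bits (bits 6, 7) = 0
    return bytes(iid)

def to_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Join a /64 prefix and a 64-bit IID into a full address."""
    return ipaddress.IPv6Address(prefix64(prefix) + iid)

if __name__ == "__main__":
    key = b"constructed-host-secret"        # constructed sample secret
    pub = b"constructed-public-key-bytes"   # constructed stand-in for a DER key
    for net in ("2001:db8:1::/64", "2001:db8:2::/64"):
        # Same host and interface: a different IID on each network,
        # the same IID every time it returns to a given network.
        print(net, "->", to_address(net, stable_privacy_iid(key, net, "eth0")))
    # A verifier holding only public inputs reproduces the CGA IID exactly.
    net = "2001:db8:1::/64"
    print("CGA:", to_address(net, cga_sec0_iid(bytes(16), net, 0, pub)))
```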
