In your previous mail you wrote: > About the modifier that I have, I will also check to determine whether using > makes breaking it easier or harder. If it is easier. then I will use the > entire 64 bits of the public key (set bit u and g) and use the fixed part of > the public key.
=> I don't believe 64 vs 48 bits will change a lot for a RSA public key. > Francis: SSAS also provides proof of IP address ownership as does CGA. The > question here is not that but is on the security considerations that are > based on my calculations with regard to the probability of being able to > break it. I believe that what Christian says is not true, but I will have to > try it to prove him wrong. About other algorithms, CGA can use them as well > so you cannot compare the computational times based on the use of those > algorithms. => I fully disagree with your security considerations. My math shows to build a matching RSA public key takes a similar time than to build a new RSA key pair. Note it won't be enough to go through a hash function and to take benefit of pre-image resistance because you doesn't have enough bit in the interface ID. My conclusion is you have to reinvent CGAs to get similar/equivalent security properties. Regards francis.dup...@fdupont.fr -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------