Hi, The following is some comment from Tom (HIPRG co-chair) with regard to the flat HIT vs hierarchial HIT. The corresponding discussion thread is https://listserv.cybertrust.com/pipermail/hipsec-rg/2008-July/000511.html
********************************************************************************** Regarding flat HIT vs. hierarchical HIT, this by itself is IMO a good topic for discussion for this research group, because a hierarchical HIT offers some improved resolution properties. I think it is challenging to squeeze hierarchy/administrative bits into the existing 128-bit field, because if we are constrained to use an ORCHID prefix, then to get on the order of 32 bits of hierarchy we will be down to roughly 70 bits of hash which compromises the ability to survive the second preimage attack. To me, this is problematic because one of the key attributes of HIP is that the security of the binding update is not easily compromised. Another problem is to decide who owns and gets to allocate the bits corresponding to the administrative domains. Presumably, there would need to be some security architecture to authenticate ownership of certain bit patterns in that field, and would introduce some kind of third party gatekeeper of the bits. However, if the bit constraints were reduced by going to larger HITs (such as 256 bits) then I think that having some bits to identify the overlay where the HIT may be resolved becomes more attractive, and if there are a lot of administrative bits available, then the political problems of administering them are somewhat reduced since they are not so scarce. - Tom ********************************************************************************* BR, Xiaohu > -----邮件原件----- > 发件人: [email protected] [mailto:[email protected]] 代表 Xu Xiaohu > 发送时间: 2009年7月31日 16:22 > 收件人: [email protected] > 抄送: 'IRTF RRG' > 主题: [rrg] Some concerns about ILNP > > Hi Ran, > > If I understand your ILNP correctly, it is much silimar with > the GSE. If so, I'm wondering whether the issues with the > GSE described in draft-ietf-ipngwg-esd-analysis have been > successfully solved by the ILNP, e.g., identifier > authentication issue. It seems that the answers to these > hard issues have not been mentioned in your slides. > > I noticed the following statement in your slides, do you > believe that 62-bit field is long enough to prevent the > security of the binding of the 62-bit hash value and the > public key from being easily compromised once you use the > HIP/CGA like ideas to deal with the identifier authentication issue? > > ********************************* > If scope bit is local, have 62 bits that can be anything: > ‣ Cryptographically Generated Identifier (a la CGA proposals) > ‣ Hash of a public-key (a la HIP) ‣ Pseudo-randomly generated > (a la IPv6 Privacy AutoConf) > ********************************** > > Best regard, > > Xiaohu > > _______________________________________________ > rrg mailing list > [email protected] > http://www.irtf.org/mailman/listinfo/rrg > _______________________________________________ rrg mailing list [email protected] http://www.irtf.org/mailman/listinfo/rrg
