comments on drafts using CGA

Email lists > MIPv6 Signaling and Handoff Optimization

Thread: comments on drafts using CGA

Search this list only Search all lists
comments on drafts using CGA
	2006-10-22 12:22:53

Thanks for your comments, it helps me a lot. Please see my comments inline. Thanks, Zhen On 10/22/06, James Kempf <docomolabs-usa.com" target="_blank"> kempfdocomolabs-usa.com> wrote: Zhen, A few years ago, some of us published some drafts on how to use ID crypto for address security. Basically it came down to using the address as the public key. The problem is the need for provisioning of the private key by the KDC. The two problems with this were 1) the KDC knows the private key and therefore could compromise it and 2) the KDC and the client need to support some other kind of cryptosystem to provide confidentiality during the key distribution. The first problem can be limited using a couple of techniques, like HIDE (Hierarchical Identity-based Encryption) but the For the first problem: the KDC is much more robust than client with respect to key compromise. Yes, if the KDC is compromised, all the keys are disclosed. But I think the KDC is the infrastructure of the network, such as Certificate Authority and AAA. We rely on those infrastructures so the assumption has always been that 'the infrastructure is secure enough'. If they are assumed compromised, any mechanisms MUST fail. second one seems insoluble. Given that RSA is a logical choice for the cryptosystem between the KDC and the client, why not simply use CGA in the first place? From a system perspective, ID crypto is like Kerberos, and it suffers from the same limitations when used for deployment scenerios that are open-ended, i.e. not limited to particular organizations or other groups. Possibly you have some new insights into solving these problems, I have not read your draft so I cannot say.   Simply using CGA in the first place is not a problem. But what if we have more efficient and effective substitutions. We try to promote what CGA has guaranteed. As for the open-ended deployment scenarios, we have not considered yet. Do you have suggested reference? Regarding your other criticisms of the drafts that use CGAs, I haven't looked at the drafts with this perspective in mind, but if they are not abiding by the guidelines in RFC 3872, then they probably need some work.   You meant RFC 3972? Yes, I think we should have more considerations rather than just assert that we will take advantage of CGA.

[1]

about | contact Other archives ( Real Estate discussion Medical topics )

Mailing lists

ARCHIVES