about the security evaluation in CGAs

zhou.sujing@zte.com.cn Tue, 27 March 2012 16:43 UTC

To: ipv6@ietf.org
Subject: about the security evaluation in CGAs
From: zhou.sujing@zte.com.cn
Date: Tue, 27 Mar 2012 14:11:54 +0100
Cc: jari.arkko@ericsson.com
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

In response to comments on draft draft-zhou-6man-mhash-cga-00

Please refer to RFC 3972, Section 7.2:
"This increases the cost of address generation approximately by
   a factor of 2^(16*Sec).  It also increases the cost of brute-force
   attacks by the same factor.  That is, the cost of creating a CGA
   Parameters data structure that binds the attacker's public key with
   somebody else's address is increased from O(2^59) to
   O(2^(59+16*Sec)).  The address generator may choose the security
   parameter Sec depending on its own computational capacity, the
   perceived risk of attacks, and the expected lifetime of the address.
   Currently, Sec values between 0 and 2 are sufficient for most IPv6
   nodes.  As computers become faster, higher Sec values will slowly
   become useful."


Regards~~~

-Sujing Zhou
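
The RFC 3972 generation and verification steps that the quoted cost figures refer to, as an added example that is not part of the original message or of the draft. It assumes placeholder bytes in place of a DER-encoded public key, no extension fields, collision count 0 on generation, and the documentation prefix 2001:db8::/64.

```python
import hashlib

MASK = 0x1CFFFFFFFFFFFFFF                 # the 59 Hash1 bits a verifier compares
PREFIX = bytes.fromhex("20010db800000000")    # constructed: 2001:db8::/64
PUBKEY = b"constructed-public-key-A"      # placeholder, not a real DER key
OTHER_KEY = b"constructed-public-key-B"   # placeholder for a different key

def hash2_ok(modifier: bytes, pubkey: bytes, sec: int) -> bool:
    # Hash2 = leftmost 112 bits of SHA-1(modifier | 9 zero octets | public key)
    h2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    return h2[:2 * sec] == bytes(2 * sec)  # 16*Sec leftmost bits must be zero

def generate(prefix: bytes, pubkey: bytes, sec: int, start: int = 0):
    """Return (address, modifier, tries). Expected tries is about 2^(16*Sec)."""
    m, tries = start, 1
    while not hash2_ok(m.to_bytes(16, "big"), pubkey, sec):
        m = (m + 1) % (1 << 128)          # modifier search is the Sec cost
        tries += 1
    modifier = m.to_bytes(16, "big")
    # Hash1 = leftmost 64 bits of SHA-1(modifier | prefix | collision count | key)
    h1 = hashlib.sha1(modifier + prefix + b"\x00" + pubkey).digest()[:8]
    # Write Sec into the three leftmost bits and clear the "u" and "g" bits
    iid = (int.from_bytes(h1, "big") & MASK) | (sec << 61)
    return prefix + iid.to_bytes(8, "big"), modifier, tries

def verify(address: bytes, modifier: bytes, pubkey: bytes, coll: int = 0) -> bool:
    """Check that the address is bound to pubkey at the Sec level it encodes."""
    if len(address) != 16 or len(modifier) != 16 or coll not in (0, 1, 2):
        return False
    prefix, iid = address[:8], int.from_bytes(address[8:], "big")
    sec = iid >> 61                       # Sec is read from the address itself
    h1 = hashlib.sha1(modifier + prefix + bytes([coll]) + pubkey).digest()[:8]
    if (int.from_bytes(h1, "big") & MASK) != (iid & MASK):
        return False                      # Hash1 mismatch: key not bound
    return hash2_ok(modifier, pubkey, sec)

if __name__ == "__main__":
    for sec in (0, 1):
        addr, mod, tries = generate(PREFIX, PUBKEY, sec)
        print(f"Sec={sec}: {tries} Hash2 attempts, address {addr.hex()}")
        print("  owner key verifies:", verify(addr, mod, PUBKEY))
        print("  other key verifies:", verify(addr, mod, OTHER_KEY))
```

Only 59 bits of Hash1 are compared because three bits carry Sec and two are the "u" and "g" bits, which is where the 2^59 in the quoted passage comes from.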