about security level evaluation of draft-zhou-6man-mhash-cga-00
zhou.sujing@zte.com.cn Tue, 27 March 2012 13:52 UTC
In-Reply-To: <4F71B938.7030300@si6networks.com>
To: "ipv6@ietf.org" <ipv6@ietf.org>
Cc: jari.arkko@ericsson.com
In response to comments on draft draft-zhou-6man-mhash-cga-00

1. It can be referred to RFC3972 section 7.2

"This increases the cost of address generation approximately by a factor of 2^(16*Sec). It also increases the cost of brute-force attacks by the same factor. That is, the cost of creating a CGA Parameters data structure that binds the attacker's public key with somebody else's address is increased from O(2^59) to O(2^(59+16*Sec)). The address generator may choose the security parameter Sec depending on its own computational capacity, the perceived risk of attacks, and the expected lifetime of the address. Currently, Sec values between 0 and 2 are sufficient for most IPv6 nodes. As computers become faster, higher Sec values will slowly become useful."

So though hash output length and sec parameter are two different things, they can be added together to evaluate as a whole. If you have doubts, I suggest asking CFRG people to consider it.

2. When considering the computation part for good guys, since it has been suggested to use a high sec value, 2^(16*sec) is already too big a work to do (when sec=3, it costs thousands of hours), so it is not distinguishable with plus 3. And it has already been proposed to delegate the generation of CGA to a third party when using high sec.
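
As an added illustration (not part of the original message, the draft, or any project code), the Python example below follows the RFC 3972 generation and verification steps to show where the 2^(16*Sec) generation cost and the 59 hash bits in the quoted passage come from. The public key bytes, the 2001:db8::/64 prefix, and all function names are constructed for the example; extension fields are omitted and the modifier search starts at 0 instead of a random value so the run is repeatable.

```python
import hashlib

# Hash1 bits ignored on comparison: Sec (bits 0-2) and u/g (bits 6-7); 59 remain.
MASK = bytes([0x1C]) + b"\xff" * 7

def hash1(modifier, prefix, collision_count, pubkey):
    # Leftmost 64 bits of SHA-1 over the CGA Parameters (no extension fields).
    data = modifier + prefix + bytes([collision_count]) + pubkey
    return hashlib.sha1(data).digest()[:8]

def hash2_ok(modifier, pubkey, sec):
    # Hash2 input zeroes the prefix and collision count (9 octets);
    # its 16*Sec leftmost bits must all be zero.
    digest = hashlib.sha1(modifier + b"\x00" * 9 + pubkey).digest()
    return digest[:2 * sec] == b"\x00" * (2 * sec)

def generate(pubkey, prefix, sec, start=0):
    """Search modifiers from `start`; return (modifier, interface_id, tries)."""
    m, tries = start, 1
    while not hash2_ok(m.to_bytes(16, "big"), pubkey, sec):
        m, tries = (m + 1) % 2**128, tries + 1
    modifier = m.to_bytes(16, "big")
    iid = bytearray(hash1(modifier, prefix, 0, pubkey))
    iid[0] = (iid[0] & 0x1C) | (sec << 5)   # write Sec, clear u and g
    return modifier, bytes(iid), tries

def verify(iid, modifier, prefix, collision_count, pubkey):
    """Receiver-side check: Hash1 matches the address and Hash2 meets Sec."""
    if collision_count not in (0, 1, 2):
        return False
    sec = iid[0] >> 5
    h1 = hash1(modifier, prefix, collision_count, pubkey)
    same = all((a ^ b) & m == 0 for a, b, m in zip(h1, iid, MASK))
    return same and hash2_ok(modifier, pubkey, sec)

if __name__ == "__main__":
    PUBKEY = b"constructed-placeholder-public-key"   # not a real DER key
    PREFIX = bytes.fromhex("20010db800000000")        # 2001:db8::/64
    for sec in (0, 1):
        mod, iid, tries = generate(PUBKEY, PREFIX, sec)
        print(f"Sec={sec}: {tries} Hash2 evaluations, IID={iid.hex()}, "
              f"verifies={verify(iid, mod, PREFIX, 0, PUBKEY)}")
```

Sec=1 takes about 2^16 Hash2 evaluations on average, and each further Sec step multiplies that by 2^16, which is the generation cost the message refers to.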