Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.txt]

Erik Nordmark <erik.nordmark@sun.com> Wed, 22 March 2006 17:09 UTC

Envelope-to: shim6-data@psg.com
Delivery-date: Wed, 22 Mar 2006 17:11:57 +0000
Message-ID: <442184DA.6020901@sun.com>
Date: Wed, 22 Mar 2006 09:09:46 -0800
From: Erik Nordmark <erik.nordmark@sun.com>
User-Agent: Thunderbird 1.5 (X11/20060113)
MIME-Version: 1.0
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
CC: shim6 <shim6@psg.com>
Subject: Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.txt]
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit

Henderson, Thomas R wrote:
> As I briefly mentioned today, there has been some complementary work in
> the HIP RG that discusses the handling of non-routable identifiers in
> legacy applications:
> http://www.ietf.org/internet-drafts/draft-henderson-hip-applications-02.txt,
> the main differences being the use of KHI (now ORCHIDs) in HIP instead
> of CGAs.  

Is there an orchid draft? (I'm curious what might have changed other 
than the name.)

> Until recently, the HIP drafts defined a "Type 2" HIT with the property
> that the upper 64 bits contained support for two levels of hierarchical
> naming (enabling reverse resolution), with the lower bits being drawn
> from a hash of the public key, but this HIT type was dropped due to lack
> of interest last year:
> http://www1.ietf.org/mail-archive/web/hipsec/current/msg01519.html
> It was also felt by some that 64 bits of hash was insufficient to
> protect the binding between HIT and public key.

I can understand the 64-bit concern for HIP, since HIP is securing the 
payload. Hence the comparison is with the strength that IKE can provide.

But shim6 is only preventing redirection attacks; if one cares about 
payload protection one would run IPsec, TLS, etc above shim6.
For the redirection threats, 64 bits is probably plenty.

    Erik
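Added example (not from the thread, and not HIP or shim6 code) making the cost figures behind the 64-bit discussion concrete. It models an identifier as a 64-bit hierarchical prefix followed by n bits of a hash of the public key, a simplification of the dropped Type 2 HIT layout quoted above (ORCHIDs and CGAs mix further inputs into the hash, which this omits). The prefix value, the toy width of 16 bits and the random key blobs are all constructed for the demo. A targeted attack, matching one specific victim's identifier as a redirection attack would need to, costs about 2^n trials, while a birthday collision among the attacker's own keys costs about 2^(n/2) and impersonates nobody in particular; at n = 16 both complete in well under a second, and the same functions report the nominal 2^64 and 2^32 for n = 64.

```python
"""Cost of attacking a hash-truncated identifier, at toy size.

Added example, not code from the thread, HIP or shim6. An identifier is
modelled as <64-bit prefix> || <hash_bits bits of SHA-256(public key)>,
a simplification (assumption) of the dropped HIP "Type 2" HIT layout;
real ORCHID/CGA constructions hash additional inputs. hash_bits is kept
small so the attacks actually finish; the work scales as 2^hash_bits
for a targeted match and 2^(hash_bits/2) for a birthday collision.
"""
import hashlib
import random

# Hypothetical 64-bit hierarchical prefix; any value works for the demo.
PREFIX = 0x2001_0010_0000_0001


def hash_id(pubkey: bytes, hash_bits: int, prefix: int = PREFIX) -> int:
    """Identifier = prefix (64 bits) || top hash_bits bits of SHA-256(pubkey).

    The prefix is naming information anyone can claim; only the hash
    bits bind the identifier to the key, so they alone set the cost."""
    digest = int.from_bytes(hashlib.sha256(pubkey).digest(), "big")
    return (prefix << hash_bits) | (digest >> (256 - hash_bits))


def _keys(seed: int):
    """Deterministic stream of stand-in 'public keys' (32-byte random blobs)."""
    rng = random.Random(seed)
    while True:
        yield rng.getrandbits(256).to_bytes(32, "big")


def second_preimage(victim_pubkey: bytes, hash_bits: int, seed: int = 1):
    """Targeted (redirection-style) attack: find a key of our own whose
    identifier equals a specific victim's.  Expected ~2^hash_bits trials.
    Returns (trials, forged_key)."""
    target = hash_id(victim_pubkey, hash_bits)
    for trials, cand in enumerate(_keys(seed), start=1):
        if cand != victim_pubkey and hash_id(cand, hash_bits) == target:
            return trials, cand


def collision(hash_bits: int, seed: int = 2):
    """Birthday attack: any two of our own keys sharing an identifier.
    Expected ~2^(hash_bits/2) trials, but the result impersonates no
    chosen victim.  Returns (trials, key_a, key_b)."""
    seen = {}
    for trials, cand in enumerate(_keys(seed), start=1):
        ident = hash_id(cand, hash_bits)
        if ident in seen and seen[ident] != cand:
            return trials, seen[ident], cand
        seen[ident] = cand


def expected_trials(hash_bits: int):
    """Nominal work factors: (targeted second preimage, birthday collision)."""
    return 2 ** hash_bits, 2 ** (hash_bits // 2)


if __name__ == "__main__":
    victim = b"victim public key bytes (constructed)"
    t, forged = second_preimage(victim, 16)
    c, _, _ = collision(16)
    print(f"16-bit hash: targeted match after {t} trials, "
          f"collision after {c} trials")
    print("64-bit hash, nominal (targeted, collision):", expected_trials(64))
```

The gap between the two columns is the whole argument: whether 64 bits is "plenty" depends on which of the two attacks the threat model has to resist, and a redirection attack against a named victim is the targeted one.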