RE: I-D ACTION:draft-laganier-ipv6-khi-00.txt

To: "Julien Laganier" <julien.IETF at laposte.net>, <ipv6 at ietf.org>
Subject: RE: I-D ACTION:draft-laganier-ipv6-khi-00.txt
From: "Christian Huitema" <huitema at windows.microsoft.com>
Date: Tue, 6 Sep 2005 21:31:32 -0700
Cc: Pekka Nikander <pekka.nikander at nomadiclab.com>, Francis Dupont <Francis.Dupont at enst-bretagne.fr>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IP Version 6 Working Group \(ipv6\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
Sender: ipv6-bounces at ietf.org
Thread-index: AcWyv0DHG2G3CxYHT4ivp+aXtYmSkgAown4w
Thread-topic: I-D ACTION:draft-laganier-ipv6-khi-00.txt

> We would appreciate very much feedback from members of the IPv6 WG on
> this internet draft.

I am supportive of the genral idea of reserving a prefix for
"statistically unique identifiers" that are derived from some kind of
cryptographic ID. However, I have a problem with the specified syntax:

   Input      :=  any bitstring
   Hash Input :=  Context ID | Input
   Hash       :=  SHA1( Expand( Hash Input ) )
   KHI        :=  Prefix | Encode_n( Hash )

This syntax includes a static reference to the SHA1 hash function and to
the "encode_n" extraction function. As a general rule, hard coding a
specific cryptographic algorithm in a standard is a very bad idea. In
fact, SHA1 is already suspect. The syntax should allow for an
identification of the algorithm as part of the "hash input".

I would much prefer seeing the syntax modified to explicitly allow for
an arbitrary hashing function, maybe something like:

   Input      :=  any bitstring
   Hash Input :=  Algorithms ID | Context ID | Input
   Hash       :=  Hash( Expand( Hash Input ) )
   KHI        :=  Prefix | Encode_n( Hash )

In the proposed syntax, "algorithms ID" identifies the hash function,
the expand function, and the encode_n function. It may also identify a
particular syntax for the Input data, e.g. whether some type of
certificate is expected. 

-- Christian Huitema

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Follow-Ups:
- Re: I-D ACTION:draft-laganier-ipv6-khi-00.txt
  - From: Francis Dupont
- Re: I-D ACTION:draft-laganier-ipv6-khi-00.txt
  - From: Pekka Nikander

Prev by Date: Re: "Link-Local" clarification in <draft-ietf-ipv6-addr-arch-v4-04.txt> (is Link-Local fe80::/10 or fe80::/64 ?)
Next by Date: Re: "Link-Local" clarification in <draft-ietf-ipv6-addr-arch-v4-04.txt> (is Link-Local fe80::/10 or fe80::/64 ?)
Previous by thread: Fwd: I-D ACTION:draft-laganier-ipv6-khi-00.txt
Next by thread: Re: I-D ACTION:draft-laganier-ipv6-khi-00.txt
Index(es):
- Date
- Thread

RE: I-D ACTION:draft-laganier-ipv6-khi-00.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.