IPv6 CGA and key (non-)management, was Re: How to preempt rogue RAs?

marcelo bagnulo braun marcelo at it.uc3m.es
Mon Nov 1 17:36:30 CET 2010


On 01/11/10 14:46, Shane Kerr wrote:
> Mark,
>
> On Mon, 2010-11-01 at 07:47 +1030, Mark Smith wrote:
>> Key management is usually more of an issue. I've wondered, but haven't
>> looked into, whether 802.1x can be used to bootstrap IPv6 SEND,
>> facilitating a simple username/password authentication model that we're
>> all quite comfortable with.
> I thought the whole beauty of IPv6 CGA (horrible acronym) is that you
> don't need key management. The address *is* the public key. (To be
> completely correct, the rightmost 64 bits of the address are the hash of
> the public key).
>
> If the person sending packets to you can generate packets that match the
> public key, then they must have the private key.
>
> No further key management is necessary, at least as far as trusting
> that the sender of a packet is the one that "owns" the origin IP
> address.
>
> At least, that's my understanding.
>

that is correct

regards, marcelo

> --
> Shane
>
>
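
An added example, not part of the original messages: a Python sketch of the address-to-key binding discussed above, following the CGA generation and verification rules of RFC 3972 (generation is shown for Sec=0 only). The function names, prefix, modifier and public-key bytes are constructed for illustration; the key is treated as opaque bytes standing in for a DER-encoded key.

```python
import hashlib
import ipaddress

# Comparison mask from RFC 3972: ignores the 3 Sec bits and the u/g bits.
MASK1 = 0x1CFFFFFFFFFFFFFF

# Constructed sample inputs (assumptions for this example, not real values).
PREFIX = bytes.fromhex("20010db800000000")   # 2001:db8::/64, documentation prefix
MODIFIER = bytes(range(16))                  # 128-bit modifier
PUBKEY = b"constructed-stand-in-for-DER-SubjectPublicKeyInfo"


def hash1(modifier: bytes, prefix: bytes, collisions: int, pubkey: bytes) -> int:
    """Leftmost 64 bits of SHA-1 over the CGA Parameters structure."""
    params = modifier + prefix + bytes([collisions]) + pubkey
    return int.from_bytes(hashlib.sha1(params).digest()[:8], "big")


def generate_cga(prefix, modifier, pubkey, collisions=0):
    """Build a Sec=0 CGA: hash bits with the Sec, u and g bits forced to zero."""
    iid = hash1(modifier, prefix, collisions, pubkey) & MASK1
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big"))


def verify_cga(address, modifier, collisions, pubkey) -> bool:
    """Check that the address is bound to the presented CGA parameters."""
    if len(modifier) != 16 or collisions not in (0, 1, 2):
        return False
    raw = ipaddress.IPv6Address(address).packed
    iid = int.from_bytes(raw[8:], "big")
    sec = iid >> 61                          # Sec lives in the top 3 bits
    if (hash1(modifier, raw[:8], collisions, pubkey) & MASK1) != (iid & MASK1):
        return False
    # Hash2: prefix and collision count zeroed; 16*Sec leading bits must be 0.
    h2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    return h2[: 2 * sec] == bytes(2 * sec)


if __name__ == "__main__":
    addr = generate_cga(PREFIX, MODIFIER, PUBKEY)
    print(addr, verify_cga(addr, MODIFIER, 0, PUBKEY))
    print("other key:", verify_cga(addr, MODIFIER, 0, b"some-other-key"))
```

This covers only the hash binding between address and public key; in SEND (RFC 3971) the receiver also checks a signature made with the matching private key, which is what shows the sender holds it.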