Sent from my iPad On Jul 18, 2012, at 8:48 AM, Saku Ytti <saku@ytti.fi> wrote:
On (2012-07-18 08:37 -0500), Stephen Sprunk wrote:
it should bepossible to incorporate RFC2777 verifiability to it.
There is no need for that, since your failure to use a good source of randomness hurts nobody except yourself.
I think you're making fact out of opinion. Maybe SP is generating ULAs for their customers. Maybe they'd like to be able to prove in case of dispute that other customer with memorable ULA was not favoured. Maybe someone claims I'm not using BCP methods for ULA selection, and I'd like to be able to falsify those claims.
SP should never do that. SP should provide GUA. ULA should be local to the customer and not used between customers unless the customers specifically agree to do so. In that case, the customers can handle the coordination and there is no need for the SP to be involved in any dispute. Owen