Many Next Generation Internet architecture proposals introduce a cryptographic namespace to integrate security functionality into the network layer. They suggest using the hash of a node's public key as its address, the so-called self-certifying address. This tight coupling between the public key and the address, however, increases vulnerability and creates a false sense of security. In this paper we discuss four problematic issues with self-certifying addresses: inflexibility in key change, misuse of old keys, problematic authentication, and random key guess. Finally, we briefly outline a different approach to integrating the private/public key principle with a locator/identifier-split architecture.
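The following sketch is an added example, not code from the paper. It shows what the check behind a self-certifying address can and cannot establish, and why a key change breaks the address. It assumes SHA-256 truncated to 160 bits as the hash, a hypothetical `PeerTable`, and constructed byte strings standing in for encoded public keys.

```python
import hashlib
import hmac

def self_certifying_address(public_key: bytes, bits: int = 160) -> str:
    """Address = leading `bits` of SHA-256(public key), hex-encoded (assumed scheme)."""
    if bits % 8 or not 8 <= bits <= 256:
        raise ValueError("bits must be a multiple of 8 between 8 and 256")
    return hashlib.sha256(public_key).digest()[: bits // 8].hex()

def key_matches_address(address: str, public_key: bytes) -> bool:
    """The only check the address itself allows: does this key hash to it?"""
    expected = self_certifying_address(public_key, bits=len(address) * 4)
    return hmac.compare_digest(expected, address)

class PeerTable:
    """Hypothetical table of peers known only by self-certifying address."""
    def __init__(self):
        self.known = set()

    def accept(self, address: str, presented_key: bytes) -> bool:
        return address in self.known and key_matches_address(address, presented_key)

# Constructed stand-ins for encoded public keys (not real key material).
OLD_KEY = b"constructed-public-key-v1"
NEW_KEY = b"constructed-public-key-v2"

def demo() -> dict:
    peers = PeerTable()
    old_addr = self_certifying_address(OLD_KEY)
    peers.known.add(old_addr)
    new_addr = self_certifying_address(NEW_KEY)
    return {
        # Key change: the rotated key hashes to a different address, so the
        # node is no longer valid under the address its peers stored.
        "address_survives_rotation": new_addr == old_addr,
        "new_key_accepted_at_old_address": peers.accept(old_addr, NEW_KEY),
        # Old keys: the address carries no expiry or revocation state, so the
        # retired key still passes the check for the old address.
        "old_key_still_accepted": peers.accept(old_addr, OLD_KEY),
        # Authentication: any key certifies its own address; the check binds
        # key to address, not the address to a particular party.
        "arbitrary_key_self_certifies": key_matches_address(new_addr, NEW_KEY),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```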