Authentication is an important issue in many types of network communications. Many messages are meaningful only if the recipient can verify the identity of the sender. In some cases, the recipient associates a particular characteristic with a sender's identity. When a message is received that is known to come from that sender, the recipient refers to the characteristic in deciding what action to take. For example, a company employee associates the characteristic “authority to issue certain orders” with the company's president. Upon receiving the message “Take tomorrow off,” the employee treats the message with more respect if the message is known to come from the company president than if it came from an anonymous person. In another example, the recipient associates the characteristic “truth in reporting” with the identity of certain news outlets but not with other news outlets nor with the populace in general. Even if a message is received from a sender for whom the recipient has no pre-established association, the sender's identity may be meaningful in linking multiple messages together. For example, a police department receiving the message “False alarm: I'm not being robbed after all” would presumably accept the message at face value only if it could verify that the sender was indeed the same person who sent the earlier “Help! I'm being robbed!” message.
In network communications, an often used form of identity is the network address used by a device to identify itself on the network. Messages are typically tagged with this form of identity, which can be used by a recipient to address a message in response. However, a nefarious party may easily send a message with a deceptive sender's address. Without an authentication mechanism verifying that the sender's network address contained in the message is actually the originating address, this form of identity is vulnerable to fraudulent misrepresentation.
In addition to sending unauthentic messages, a nefarious party may try to prevent other parties from communicating with each other. This type of threat is called denial-of-service. There are many types of denial-of-service attacks against communication systems. In computer networks, one particular type of denial-of-service attack is one where the attacker prevents a network node from obtaining a network address. More generally, in any system where an identifier or identity authentication is a pre-requisite for participation in the system, an attacker may try to prevent the participants from obtaining suitable identifiers.
Protocols address the problem of fraudulent misrepresentation and denial-of-service by implementing authentication services. The recipient of a message uses the authentication services to verify the identity of the sender of the message. The recipient then takes action based on the characteristics associated with the sender's identity. Formerly, a perceived difficulty in implementing authentication was that some of the authentication services provided their security by means of quite complicated mechanisms. They came at a heavy perceived price in terms of a significant investment in administrative and communicative overhead. Several earlier proposals focused on easing this administrative burden. For example, cryptographically generated addresses (CGAs), which are IPv6 addresses where some of the address bits (usually the 64-bit interface identifier) are created from a cryptographic hash of the address owner's public key, offer an advantage in that no third parties or additional infrastructure, such as a public-key infrastructure (PKI), is needed to verify signatures. Any IPv6 node capable of basic cryptographic operations could generate a CGA address locally, and only the address and the public key were needed for verifying the signatures. Though initially promising, earlier contemplated CGA proposals present a major security weakness inherent in the 64-bit limit on the hash length.
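The address-to-key binding described above can be sketched as follows. This is an added example, not part of the original text, and it is a simplified construction: the choice of SHA-256, the hash input layout (subnet prefix followed by key bytes), the function names and the placeholder key bytes are all assumptions made for illustration.

```python
import hashlib
import ipaddress

IID_BITS = 64  # interface identifier length: the hash-length limit the text refers to
IID_MASK = (1 << IID_BITS) - 1

def cga_interface_id(public_key: bytes, prefix: ipaddress.IPv6Network) -> int:
    """Leftmost 64 bits of SHA-256(prefix || public_key) (assumed input layout)."""
    prefix_bytes = prefix.network_address.packed[:8]
    digest = hashlib.sha256(prefix_bytes + public_key).digest()
    return int.from_bytes(digest[:IID_BITS // 8], "big")

def generate_cga(public_key: bytes, prefix: str) -> ipaddress.IPv6Address:
    """Build an address locally from a /64 prefix and the owner's public key."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 subnet prefix")
    iid = cga_interface_id(public_key, net)
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def verify_cga(address: str, public_key: bytes) -> bool:
    """Check the binding using only the address and the claimed public key.

    No PKI or third party is consulted. A full verifier would go on to check
    a signature made with the matching private key; that step is omitted here.
    """
    addr = int(ipaddress.IPv6Address(address))
    net = ipaddress.IPv6Network((addr & ~IID_MASK, 64))
    return (addr & IID_MASK) == cga_interface_id(public_key, net)

if __name__ == "__main__":
    # Constructed placeholder bytes standing in for encoded public keys.
    owner_key = b"constructed-public-key-of-address-owner"
    other_key = b"constructed-public-key-of-another-node"
    addr = generate_cga(owner_key, "2001:db8:1:2::/64")
    print("address:", addr)
    print("owner key verifies:", verify_cga(str(addr), owner_key))
    print("other key verifies:", verify_cga(str(addr), other_key))
    # Only IID_BITS of the digest survive in the address, so the binding is
    # no stronger than a 64-bit hash regardless of the digest size used.
    print("hash bits carried in the address:", IID_BITS)
```

Because only 64 bits of the digest fit in the interface identifier, the strength of the binding is capped at that length, which is the limit the paragraph above identifies.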