Re: [CGA-EXT] CGA-EXT Digest, Vol 29, Issue 2
Hi, dear CSIers,
We are a team from BUPT (Beijing University of Posts & Telecommunications) and
we (including gx su) have been implementing the SeND for months.
I've read the discussions about SeND cksum issue and I've got some opinions to share.
Firstly, when we encountered the problem, we took solution A, since our implementation is based on the Linux
kernel and we do not want to change the NDP implementation in it. But it causes the sender to recompute
the cksum before sending messages and the receiver to recover the cksum before signature verification. I
think some sort of clarification should be made in order to avoid misunderstanding.
Secondly, nowadays security issues are becoming more and more important for the Internet. I think authentication
using signatures will be applied in many other scenarios in the future, and the cksum signature problem
might happen again. Shall we do something about this?
Best regards,
Quanchao Hui
2009/9/17
Today's Topics:
1. SEND checksum issue in current RFC 3791 - update needed
(Sheng Jiang)
----------------------------------------------------------------------
Message: 1
Date: Thu, 17 Sep 2009 10:14:03 +0800
From: Sheng Jiang <shengjiang at huawei.com>
Subject: [CGA-EXT] SEND checksum issue in current RFC 3791 - update
needed
To: cga-ext at ietf.org
Cc: 'wdwang' <wdwang at bupt.edu.cn>
Message-ID: <000901ca373c$874238f0$3a0c6f0a at china.huawei.com>
Content-Type: text/plain; charset=us-ascii
Hi, dear CSIer,
During our implementation of SEND & CGA, we discovered an issue in the
current RFC 3791, described as follows. An update is needed to solve
this issue.
Checksum issue in the current SEND definition RFC 3791.
In Section 5.2, RFC3791, the digital signature is defined to sign data that includes
the checksum fields from the ICMP header (bullet item 4), which should already be
calculated during the construction of the message (the first step in Section
5.2.1). After the RSA signature is attached, the original checksum value is no
longer valid. It should be recalculated. However, this was not clearly
defined in RFC 3791. More importantly, the corresponding validation rule
must be defined on the receiver side too.
Best regards,
Sheng
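The sender-recomputes / receiver-recovers behaviour discussed in this thread, as an added example that is not code from either poster or from any SEND implementation. It shows that a signature computed over the pre-signature checksum only verifies if the receiver first restores that checksum after stripping the signature option. Assumptions: this is one reading of "solution A"; an HMAC stands in for the RSA signature; the signed data is simplified to source, destination and the message bytes; the key hash is zeroed; all function names and addresses are constructed.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"constructed-demo-key"   # stand-in for the sender's RSA key pair

def csum(src, dst, msg):
    """ICMPv6 checksum: pseudo-header + message with the checksum field zeroed."""
    data = src + dst + struct.pack("!I3xB", len(msg), 58) + msg[:2] + bytes(2) + msg[4:]
    data += bytes(len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_csum(src, dst, msg):
    return msg[:2] + struct.pack("!H", csum(src, dst, msg)) + msg[4:]

def sign(src, dst, msg):
    # HMAC stands in for the RSA signature; the signed bytes include the checksum field
    return hmac.new(KEY, src + dst + msg, hashlib.sha256).digest()

def send(src, dst, ndp):
    signed_view = with_csum(src, dst, ndp)              # checksum as it stands when signed
    body = bytes(2 + 16) + sign(src, dst, signed_view)  # reserved, key hash (zeroed), signature
    body += bytes(-(len(body) + 2) % 8)                 # pad the option to 8-octet units
    option = bytes([12, (len(body) + 2) // 8]) + body   # type 12: RSA Signature option
    return with_csum(src, dst, signed_view + option)    # recompute over the final packet

def receive(src, dst, pkt, recover=True):
    if csum(src, dst, pkt) != struct.unpack("!H", pkt[2:4])[0]:
        return "bad-checksum"
    off = 24                                            # NS: 8-byte header + 16-byte target
    while off + 2 <= len(pkt) and pkt[off] != 12:       # walk options to the signature
        if pkt[off + 1] == 0:
            return "malformed"
        off += pkt[off + 1] * 8
    if off + 52 > len(pkt):
        return "no-signature"
    signed_view = pkt[:off]
    if recover:                                         # restore the pre-signature checksum
        signed_view = with_csum(src, dst, signed_view)
    ok = hmac.compare_digest(pkt[off + 20:off + 52], sign(src, dst, signed_view))
    return "ok" if ok else "bad-signature"

# Constructed sample: Neighbor Solicitation with a source link-layer address option
SRC = ipaddress.IPv6Address("2001:db8::1").packed
DST = ipaddress.IPv6Address("ff02::1:ff00:2").packed
NS = (bytes([135, 0, 0, 0]) + bytes(4) + ipaddress.IPv6Address("2001:db8::2").packed
      + bytes([1, 1, 0x02, 0, 0, 0, 0, 1]))
```

Calling `receive(SRC, DST, send(SRC, DST, NS), recover=False)` shows the interoperability failure: the transport checksum is valid, but the signature check runs against the on-wire checksum rather than the one that was signed.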