Re: [CGA-EXT] SEND checksum issue in current RFC 3791 - update needed

Sheng Jiang <shengjiang@huawei.com> Thu, 17 September 2009 09:41 UTC

Date: Thu, 17 Sep 2009 17:40:57 +0800
From: Sheng Jiang <shengjiang@huawei.com>
In-reply-to: <4AB1EB54.4000903@cisco.com>
To: 'Eric Levy-Abegnoli' <elevyabe@cisco.com>
Cc: 'wdwang' <wdwang@bupt.edu.cn>, cga-ext@ietf.org
Subject: Re: [CGA-EXT] SEND checksum issue in current RFC 3791 - update needed

Eric,

I agree that we should stick to A. However, it is that obvious from the
current RFC 3791. Clarification/update will help on this.

Sheng

> -----Original Message-----
> From: Eric Levy-Abegnoli [mailto:elevyabe@cisco.com] 
> Sent: Thursday, September 17, 2009 3:55 PM
> To: Sheng Jiang
> Cc: 'Arnaud Ebalard'; 'wdwang'; cga-ext@ietf.org
> Subject: Re: [CGA-EXT] SEND checksum issue in current RFC 
> 3791 - update needed
> 
> Sheng,
> Currently, I see only one possibility, which is A. It is 
> un-ambiguously specified in rfc3971. And it has been 
> implemented by multiple vendors. Moving to B would not be 
> backward compatible and would create inter-operability issues. 
> Eric
> 
> Sheng Jiang wrote:
> > Hi, Arnaud,
> >
> > Yes, it is an issue that must be clearly clarified in the specification.
> > Actually, there are two possibilities here (which makes it more important
> > that the specification should clearly follow only one of them):
> >
> > A, if we would like to follow the description in Section 5.2.1 RFC
> > 3791, the input of RSA signature should be a checksum calculated
> > without RSA signature and it will be recalculated after signature
> > attached. On the receiver side, ICMP checksum should be validated,
> > then signature validate, then maybe checksum validate again.
> >
> > B, more efficiently, on the sender side, as you said, the input of RSA
> > signature should be a checksum with all 0, and after signature
> > attached, the checksum is computed over the whole packet. However,
> > this makes the signature over checksum totally meaningless.
> > Alternatively, we may take checksum bits out from the RSA signature input.
> >
> > Additionally, there are intercommunication issues if a sender uses A
> > implementation and a receiver uses B implementation.
> >
> > Sum up, an update over the current definition RFC 3791 is needed on
> > this issue.
> >
> > Cheers,
> >
> > Sheng
> >
> >   
> >> -----Original Message-----
> >> From: Arnaud Ebalard [mailto:arno@natisbad.org]
> >> Sent: Thursday, September 17, 2009 2:02 PM
> >> To: Sheng Jiang
> >> Cc: cga-ext@ietf.org; 'wdwang'
> >> Subject: Re: [CGA-EXT] SEND checksum issue in current RFC
> >> 3791 - update needed
> >>
> >> Hi,
> >>
> >> Sheng Jiang <shengjiang@huawei.com> writes:
> >>
> >>> During our implementation of SEND & CGA, we discovered an issue in the
> >>> current RFC 3791, described as the following. An update is needed to
> >>> solve this issue.
> >>>
> >>> Checksum issue in the current SEND definition RFC 3791.
> >>>
> >>> In Section 5.2, RFC3791, digital signature is defined to sign data
> >>> include checksum fields from ICMP header (bullet item 4), which should
> >>> already be calculated during the construction of message (the first
> >>> step in Section 5.2.1). After RSA signature is attached, the original
> >>> checksum value is no longer valid. It should be recalculated. However,
> >>> this was not clearly defined in RFC 3791. More importantly, the
> >>> correspondent validation rule must be defined on the receiver side too.
> >>
> >> I already reported that same issue some time ago and the good way to
> >> understand the spec is to compute the signature over the packet with
> >> the checksum field to 0. Then, the checksum is computed over the
> >> whole packet. But I agree that the spec is unclear on that.
> >>
> >> See my post and Eric's reply here:
> >>
> >> http://www.ietf.org/mail-archive/web/cga-ext/current/msg00098.html
> >>
> >> Cheers,
> >>
> >> a+
>
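
The two readings debated in this thread (A: sign over the checksum computed before the signature option is attached; B: sign over a zeroed checksum field), as an added example that is not part of any message above or of the RFC. Assumptions: a SHA-256 digest stands in for the RSA signature, the 128-bit tag is a zero placeholder, and the 40-byte option layout, addresses and Neighbor Solicitation body are constructed.

```python
import hashlib, ipaddress, struct

TAG = bytes(16)   # placeholder for the 128-bit CGA Message Type tag, not the real value
OPT_LEN = 40      # constructed stand-in option: 4-byte header + 32-byte digest + 4 pad

def icmp6_checksum(src, dst, icmp):
    """ICMPv6 checksum: one's-complement sum over pseudo-header + message."""
    data = src + dst + struct.pack("!I3xB", len(icmp), 58) + icmp
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def signature_input(src, dst, body, reading):
    """Bytes that get signed for `body` (the message without the signature option)."""
    zeroed = body[:2] + b"\x00\x00" + body[4:]
    # Reading A: checksum of the message before the option exists. Reading B: zero.
    csum = icmp6_checksum(src, dst, zeroed) if reading == "A" else 0
    return TAG + src + dst + body[:2] + struct.pack("!H", csum) + body[4:]

def send(src, dst, body, reading):
    """Sign, append the stand-in option, then compute the on-wire checksum."""
    digest = hashlib.sha256(signature_input(src, dst, body, reading)).digest()
    pkt = body[:2] + b"\x00\x00" + body[4:] + bytes([12, 5, 0, 0]) + digest + bytes(4)
    return pkt[:2] + struct.pack("!H", icmp6_checksum(src, dst, pkt)) + pkt[4:]

def receive(src, dst, pkt, reading):
    """Return (wire_checksum_ok, signature_ok) under the receiver's reading."""
    wire = struct.unpack("!H", pkt[2:4])[0]
    zeroed = pkt[:2] + b"\x00\x00" + pkt[4:]
    checksum_ok = icmp6_checksum(src, dst, zeroed) == wire
    body, opt = pkt[:-OPT_LEN], pkt[-OPT_LEN:]
    expected = hashlib.sha256(signature_input(src, dst, body, reading)).digest()
    return checksum_ok, opt[4:36] == expected

# Constructed sample: a Neighbor Solicitation (type 135) between documentation addresses.
SRC = ipaddress.IPv6Address("2001:db8::1").packed
DST = ipaddress.IPv6Address("ff02::1:ff00:2").packed
BODY = bytes([135, 0, 0, 0, 0, 0, 0, 0]) + ipaddress.IPv6Address("2001:db8::2").packed

if __name__ == "__main__":
    for s in "AB":
        for r in "AB":
            print("sender", s, "receiver", r, receive(SRC, DST, send(SRC, DST, BODY, s), r))
```

In the mixed cases the on-wire checksum still validates, so the packet passes the ICMPv6 check and is rejected only at signature verification.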