IETF Logo Mail Archive

Re: [CGA-EXT] SEND checksum issue in current RFC 3791 - update needed

gx su <guangxsu@gmail.com> Thu, 17 September 2009 12:08 UTC

Return-Path: <guangxsu@gmail.com>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 76AEF3A6962 for <cga-ext@core3.amsl.com>; Thu, 17 Sep 2009 05:08:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UB1nuxsy+BXv for <cga-ext@core3.amsl.com>; Thu, 17 Sep 2009 05:08:02 -0700 (PDT)
Received: from mail-iw0-f200.google.com (mail-iw0-f200.google.com [209.85.223.200]) by core3.amsl.com (Postfix) with ESMTP id 64CE528C1E6 for <cga-ext@ietf.org>; Thu, 17 Sep 2009 05:08:02 -0700 (PDT)
Received: by iwn38 with SMTP id 38so48875iwn.31 for <cga-ext@ietf.org>; Thu, 17 Sep 2009 05:08:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=vi8n+2Z/0kpUDCPZE8tfRJrvDy/4S8k4r8mbg+8eGnQ=; b=Un3yDjooiPi0WryoK4z0TqKnlhq2rGQf1Rp4XhQSq0xXd5x3Xv+5LCzYuFmxzTRhWw z8UhH929gO2bjfmh3YvIxz58YiEI7zT6bH0aRB0QKvG+AHYREqkvhUVasgMZnw9amMho ZpEoS0MNYjXgymaZJb1DysclilPsCaOMbdIxM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=SKxaHHSZj0mP1AIrggq2BGuddw5KgFAZ3nnAgyFLuhVS8SiKG2UtjASQBTuz0/WVBT G2kCcNq9dzYO8NZCBrnpjUvZ9iESMO4DmogoJ9BGA18N+3ZQJcXiIicMTSSZOq9OVt5K yRCWVErP/0adky1HFvX+OSBW/FMijIDhvBA78=
MIME-Version: 1.0
Received: by 10.231.124.22 with SMTP id s22mr20934784ibr.33.1253189331050; Thu, 17 Sep 2009 05:08:51 -0700 (PDT)
In-Reply-To: <002b01ca3787$57bedfc0$3a0c6f0a@china.huawei.com>
References: <87my4uoshp.fsf@small.ssi.corp> <002b01ca3787$57bedfc0$3a0c6f0a@china.huawei.com>
Date: Thu, 17 Sep 2009 20:08:51 +0800
Message-ID: <f111ff9f0909170508s497f55ecw50630b3abf148122@mail.gmail.com>
From: gx su <guangxsu@gmail.com>
To: Sheng Jiang <shengjiang@huawei.com>, Arnaud Ebalard <arno@natisbad.org>, Eric Levy-Abegnoli <elevyabe@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: wdwang <wdwang@bupt.edu.cn>, cga-ext@ietf.org
Subject: Re: [CGA-EXT] SEND checksum issue in current RFC 3791 - update needed
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2009 12:08:03 -0000

Hi,

We've been implementing the SEND for the last couple of months.

>From the sender side both way might have the same efficiency,
since most implementations of SEND might be a layer over NDP,
and NDP would compute the cksum before SEND could intercept
the packet; but A would need to recover the cksum before verifying
the signature, while B simply setting the field to 0.

Given the computation power of current PCs, I think efficiency would
not be a great concern; it is consistency that matters. Therefore I
prefer A -- after all, it would be the 1st solution that pops out to
implementors when they encounter the problem.

I agree that some kind of clarification is needed, this would w/o the
bug from happening.

2009/9/17 Sheng Jiang <shengjiang@huawei.com>:
>> -----Original Message-----
>> From: Arnaud Ebalard [mailto:arno@natisbad.org]
>> Sent: Thursday, September 17, 2009 5:01 PM
>> To: Eric Levy-Abegnoli
>> Cc: Sheng Jiang; 'wdwang'; cga-ext@ietf.org
>> Subject: Re: [CGA-EXT] SEND checksum issue in current RFC
>> 3791 - update needed
>>
>> Hi,
>>
>> >> Yes, it is an issue must be clearly clarified in the specification.
>> >> Actually, there are two possibility here (which makes more
>> important
>> >> that specification should be clearly follow only one of them):
>>
>> Not arguing on the fact that "A" will be kept because it is
>> the "implemented" solution (Docomo implementation, Cisco,
>> probably Juniper too).
>>
>> >> A, if we would like to follow the drscription in Section 5.2.1 RFC
>> >> 3791, the input of RSA signature should be a checksum calculated
>> >> without RSA signature and it will be recalculated after signature
>> >> attached. On the receiver side, ICMP checksum should be validated,
>> >> then signature validate, then maybe checksum validate again.
>>
>> For the records (correction welcome if I missed sth),
>>
>> Signature computation:
>>
>>   - Create ICMPv6 message w/o RSA Signature option
>>   - Compute ICMPv6 checksum as usual using the pseudo-header
>> (current length,
>>     i.e. w/o the RSA Signature option)
>>   - Set that checksum in checksum field of the ICMPv6 header
>>   - Compute RSA Sig as described in section 5.2 of RFC 3971
>>   - Add RSA Signature Option at the end of the ICMPv6 message
>>   - Update ICMPv6 packet length to include RSA Sig option
>>   - Update IPv6 payload length to reflect addition of RSA Sig option
>>   - Update ICMPv6 checksum using updated pseudo-header for the
>>     computation (length value modified + addition of RSA Signature
>>     Option)
>>
>> Signature verification:
>>
>>   - Verify ICMPv6 checksum as usual on received message (obviously,
>>     including RSA Signature option)
>>   - Remove RSA Signature option from the packet
>>   - Update IPv6 length field to reflect previous removal
>>   - Recompute the checksum on the packet based on the new values (and
>>     w/o the RSA Sig Opt in the message)
>>   - Verify RSA Signature as described in RFC 3971
>
> This is right if we try to follow the current specification. This
> supplemented clarification is compliant with the current RFC 3971.
>
>> >> B, more efficiently, on the sender side, as you said, the input of
>> >> RSA signature should be a checksum with all 0, and after signature
>> >> attached, the checksim is computed over the whole packet. However,
>> >> this makes the signature over checksum totally meaningless.
>> >> Alternatively, we may take checksum bits out from the RSA
>> signature input.
>>
>> Performing the signature over the given layout with the null
>> checksum prevents useless copies: you zero the field, pass
>> the whole buffer to your signature function w/o the need to
>> copy things to create a different layout. But I guess this
>> does not matter anymore.
>
> Agree. If this is the initial design, it should be more efficient. However,
> if we need to follow what is already in current specification, try to keep
> consistent and compliant, don't break the existing implementations, then A
> is the only choice.
>
> Cheers,
>
> Sheng
>
>> Cheers,
>>
>> a+
>
> _______________________________________________
> CGA-EXT mailing list
> CGA-EXT@ietf.org
> https://www.ietf.org/mailman/listinfo/cga-ext
>

v2.23.0 | Report a Bug | By Email