Re: [CGA-EXT] CGA-EXT Digest, Vol 29, Issue 2

回全超 <huiquanchao@gmail.com> Fri, 18 September 2009 07:29 UTC


Hi, dear CSIers,

We are a team from BUPT (Beijing University of Posts & Telecommunications), and we (including gx su) have been implementing SeND for months.

I've read the discussions about the SeND cksum issue and I've got some opinions to share.

Firstly, when we encountered the problem, we took solution A, since our implementation is based on the Linux kernel and we do not want to change the NDP implementation in it. But it causes the sender to recompute the cksum before sending messages and the receiver to recover the cksum before signature verification. I think some sort of clarification should be made in order to avoid misunderstanding.

Secondly, nowadays security issues are becoming more and more important for the Internet. I think authentication using signatures will be applied in many other scenarios in the future, and the cksum signature problem might happen again. Shall we do something about this?

Best regards,

Quanchao Hui


2009/9/17 <cga-ext-request@ietf.org>

> Message: 1
> Date: Thu, 17 Sep 2009 10:14:03 +0800
> From: Sheng Jiang <shengjiang@huawei.com>
> Subject: [CGA-EXT] SEND checksum issue in current RFC 3791 - update
>        needed
> To: cga-ext@ietf.org
> Cc: 'wdwang' <wdwang@bupt.edu.cn>
> Message-ID: <000901ca373c$874238f0$3a0c6f0a@china.huawei.com>
> Content-Type: text/plain; charset=us-ascii
>
> Hi, dear CSIer,
>
> During our implementation of SEND & CGA, we discovered an issue in the
> current RFC 3791, described as the following. An update is needed to solve
> this issue.
>
> Checksum issue in the current SEND definition RFC 3791.
>
> In Section 5.2, RFC3791, digital signature is defined to sign data including
> checksum fields from ICMP header (bullet item 4), which should already be
> calculated during the construction of message (the first step in Section
> 5.2.1). After RSA signature is attached, the original checksum value is no
> longer valid. It should be recalculated. However, this was not clearly
> defined in RFC 3791. More importantly, the correspondent validation rule
> must be defined on the receiver side too.
>
> Best regards,
>
> Sheng
>
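
The ordering discussed in this thread (the sender recomputes the checksum after the signature option is attached; the receiver recovers the signed checksum before verifying), as an added example that is not part of the thread or of any implementation mentioned in it. It assumes HMAC-SHA256 with a constructed key in place of the RSA signature, omits the CGA Message Type tag from the signed data, and treats the signature option as the last 56 bytes of the message; all function names are hypothetical.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"constructed-demo-key"  # assumption: HMAC key standing in for the RSA key pair
SIG_TYPE, SIG_LEN = 12, 56     # RSA Signature option type; option size used in this sketch

def icmp6_checksum(src, dst, msg):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = src + dst + struct.pack("!I3xB", len(msg), 58) + msg
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(src, dst, msg):
    """Return msg with its checksum field (bytes 2-3) recomputed."""
    zeroed = msg[:2] + b"\x00\x00" + msg[4:]
    return msg[:2] + struct.pack("!H", icmp6_checksum(src, dst, zeroed)) + msg[4:]

def sign(src, dst, signed_part):
    return hmac.new(KEY, src + dst + signed_part, hashlib.sha256).digest()

def sender_build(src, dst, ndp_msg):
    # Checksum as computed during message construction: this value is signed.
    signed_part = with_checksum(src, dst, ndp_msg)
    opt = (struct.pack("!BB2x", SIG_TYPE, SIG_LEN // 8) + bytes(16)  # key hash left zero
           + sign(src, dst, signed_part) + bytes(4))                # signature + padding
    # Appending the option invalidates that checksum: recompute it for the wire.
    return with_checksum(src, dst, signed_part + opt)

def receiver_verify(src, dst, wire, recover=True):
    if with_checksum(src, dst, wire) != wire:
        return False                      # ordinary ICMPv6 checksum failure
    body, opt = wire[:-SIG_LEN], wire[-SIG_LEN:]  # sketch: option is always last
    if opt[0] != SIG_TYPE:
        return False
    # Recover the checksum the sender signed by recomputing it without the option.
    signed_part = with_checksum(src, dst, body) if recover else body
    return hmac.compare_digest(opt[20:52], sign(src, dst, signed_part))

# Constructed sample: a Neighbor Solicitation between documentation addresses.
SRC = ipaddress.IPv6Address("2001:db8::1").packed
DST = ipaddress.IPv6Address("ff02::1:ff00:2").packed
NS = struct.pack("!BBH4x", 135, 0, 0) + ipaddress.IPv6Address("2001:db8::2").packed

if __name__ == "__main__":
    wire = sender_build(SRC, DST, NS)
    print("verify with checksum recovery:   ", receiver_verify(SRC, DST, wire))
    print("verify without checksum recovery:", receiver_verify(SRC, DST, wire, recover=False))
```

With `recover=False` the receiver feeds the on-wire checksum into the signature check, which is the interoperability failure that arises when the two sides disagree on which checksum value is signed.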