Re: [CGA-EXT] SEND checksum issue in current RFC 3791 - update needed
Eric Levy-Abegnoli <elevyabe@cisco.com> Thu, 17 September 2009 08:44 UTC
To: Arnaud Ebalard <arno@natisbad.org>
Cc: 'wdwang' <wdwang@bupt.edu.cn>, cga-ext@ietf.org

Hi Arnaud,

Arnaud Ebalard wrote:
> Hi,
>
> Eric Levy-Abegnoli <elevyabe@cisco.com> writes:
>
>> Sheng,
>> Currently, I see only one possibility, which is A. It is
>> un-ambiguously specified in rfc3971.
>
> I respectfully disagree (not on the definitive solution). My previous
> post in March 2008 and the one from Sheng just prove this is not
> "un-ambiguously" specified.

Complicated, or not detailed enough, does not mean it is ambiguous. I read:

   Digital Signature
      A variable-length field containing a PKCS#1 v1.5 signature,
      constructed by using the sender's private key over the following
      sequence of octets:
      [snip]
      4. The 8-bit Type, 8-bit Code, and 16-bit Checksum fields from the
         ICMP header.
      ...

It does not say "0", it says checksum from the icmp header. How could "0" be the checksum of the icmp header?

I agree clarification would be useful, given that several implementors are asking for it. No question on that. I disagree that there are several ways of interpreting it.

Basically, you have a well-formed icmp message, which includes a valid checksum, and you build a pseudo message by taking a number of fields out of it, including the checksum, and then you sign it. Once you have added your RSA option, another specification (icmp) mandates that you fix the checksum to make it correct.

>> And it has been implemented by multiple vendors.
>
> I checked the code and NTT Docomo SEND daemon does 'A' (I should have
> checked before my first reply to Sheng):
>
> It computes the checksum on current ICMPv6 message before the Signature
> computation, uses that during the signature step and then recomputes the
> checksum after the signature option has been added to the message.

So do the Juniper, Cisco (and a few other) implementations. Otherwise, they would not inter-operate.

Eric

>> Moving to B would not be backward compatible and would create
>> inter-operability issues.
>
> Clarifying the spec would help in all cases.
>
> Cheers,
>
> a+
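
Added example, not part of the original message or of any implementation named in it: a Python sketch of option 'A' as described above (checksum first, sign over it, append the RSA option, recompute the checksum), and of what that implies for a receiver, which has to recompute the pre-signature checksum rather than use the one on the wire. Assumptions: all function names are hypothetical, the Neighbor Solicitation is constructed, the Key Hash is zeroed, and a SHA-1 digest stands in for the PKCS#1 v1.5 signature so the block runs with the standard library only.

```python
import hashlib
import ipaddress
import struct

SEND_TAG = bytes.fromhex("086FCA5E10B200C99C8CE00164277C08")  # CGA Message Type tag for SEND (RFC 3971)
NS_HDR_LEN, RSA_OPT = 24, 12  # NS header incl. ICMP header; RSA Signature option type

def icmp6_checksum(src, dst, icmp):
    """Internet checksum over the IPv6 pseudo-header and the ICMPv6 message."""
    data = src + dst + struct.pack("!I3xB", len(icmp), 58) + icmp
    data += b"\0" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(src, dst, icmp):
    """Return icmp with its Checksum field recomputed for its current length."""
    zeroed = icmp[:2] + b"\0\0" + icmp[4:]
    return icmp[:2] + struct.pack("!H", icmp6_checksum(src, dst, zeroed)) + icmp[4:]

def toy_sign(src, dst, icmp_before_rsa):
    """Stand-in for the PKCS#1 v1.5 signature (assumption): SHA-1 of the signed octets."""
    return hashlib.sha1(SEND_TAG + src + dst + icmp_before_rsa).digest()

def sender_build(src, dst, icmp):
    """Option A: checksum, sign over it, append the option, fix the checksum."""
    pre = with_checksum(src, dst, icmp)
    opt = bytes([RSA_OPT, 5, 0, 0]) + bytes(16) + toy_sign(src, dst, pre)  # zeroed Key Hash
    return with_checksum(src, dst, pre + opt)

def receiver_verify(src, dst, wire, recompute=True):
    """Locate the RSA option, rebuild the pre-signature message, check the signature."""
    off = NS_HDR_LEN
    while off + 2 <= len(wire) and wire[off] != RSA_OPT:
        if wire[off + 1] == 0:
            return False  # zero-length option: malformed
        off += wire[off + 1] * 8
    if off + 40 > len(wire):
        return False  # no complete RSA option found
    pre = with_checksum(src, dst, wire[:off]) if recompute else wire[:off]
    return toy_sign(src, dst, pre) == wire[off + 20:off + 40]

# Constructed sample: Neighbor Solicitation with a source link-layer address option.
SRC = ipaddress.IPv6Address("fe80::1").packed
DST = ipaddress.IPv6Address("ff02::1:ff00:2").packed
NS = (bytes([135, 0, 0, 0]) + bytes(4) + ipaddress.IPv6Address("fe80::2").packed
      + bytes([1, 1]) + bytes.fromhex("020000000001"))
WIRE = sender_build(SRC, DST, NS)
```

Calling `receiver_verify(SRC, DST, WIRE, recompute=False)` feeds the on-the-wire checksum into the signed octets and fails, which is the interoperability break the thread is concerned with.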