[CGA-EXT] SEND checksum issue in current RFC 3791 - update needed

Sheng Jiang <shengjiang@huawei.com> Thu, 17 September 2009 02:15 UTC

Date: Thu, 17 Sep 2009 10:14:03 +0800
From: Sheng Jiang <shengjiang@huawei.com>
To: cga-ext@ietf.org
Cc: 'wdwang' <wdwang@bupt.edu.cn>

Hi, dear CSIer,

During our implementation of SEND & CGA, we discovered an issue in the
current RFC 3791, described as follows. An update is needed to solve
this issue.

Checksum issue in the current SEND definition RFC 3791.

In Section 5.2 of RFC 3791, the digital signature is defined to sign data
that include the checksum fields from the ICMP header (bullet item 4), which
should already be calculated during the construction of the message (the
first step in Section 5.2.1). After the RSA signature is attached, the
original checksum value is no longer valid. It should be recalculated.
However, this was not clearly defined in RFC 3791. More importantly, the
corresponding validation rule must be defined on the receiver side too.

Best regards,

Sheng
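
The checksum behaviour described in the message above, as an added example that is not part of the original post: it builds a Neighbor Solicitation, fills in the ICMPv6 checksum, appends an RSA Signature option, and shows that the earlier checksum no longer verifies until it is recomputed. The addresses, the 1024-bit signature length and the option's placeholder bytes are constructed assumptions.

```python
import ipaddress
import struct

def icmpv6_checksum(src, dst, icmp):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(icmp), 58))  # length, 3 zero bytes, next header 58
    data = pseudo + icmp + (b"\x00" if len(icmp) % 2 else b"")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries (one's complement sum)
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fill_checksum(src, dst, icmp):
    """Zero bytes 2-3, compute the checksum, and write it back."""
    zeroed = icmp[:2] + b"\x00\x00" + icmp[4:]
    return zeroed[:2] + struct.pack("!H", icmpv6_checksum(src, dst, zeroed)) + zeroed[4:]

def checksum_ok(src, dst, icmp):
    """Receiver check: a message carrying a correct checksum sums to zero."""
    return icmpv6_checksum(src, dst, icmp) == 0

def field(icmp):
    """Return the 16-bit checksum field of an ICMPv6 message."""
    return struct.unpack("!H", icmp[2:4])[0]

# Constructed sample values (documentation prefix), not taken from the post.
SRC, DST, TARGET = "2001:db8::1", "ff02::1:ff00:2", "2001:db8::2"

def demo():
    # Step 1: Neighbor Solicitation (type 135) built without the RSA Signature option.
    ns = struct.pack("!BBHI", 135, 0, 0, 0) + ipaddress.IPv6Address(TARGET).packed
    ns = fill_checksum(SRC, DST, ns)
    signed_value = field(ns)   # checksum value as it stands when the signature is computed
    # Step 2: append an RSA Signature option (type 12, length 19 x 8 octets).
    # Key hash and signature are placeholder bytes, not real cryptographic output.
    option = struct.pack("!BBH", 12, 19, 0) + b"\xab" * 16 + b"\xab" * 128 + b"\x00" * 4
    stale = ns + option
    stale_ok = checksum_ok(SRC, DST, stale)
    # Step 3: recompute over the final message; the wire value now differs from signed_value.
    final = fill_checksum(SRC, DST, stale)
    return signed_value, stale_ok, field(final), checksum_ok(SRC, DST, final)

if __name__ == "__main__":
    signed_value, stale_ok, wire_value, final_ok = demo()
    print(f"signed={signed_value:#06x} stale_ok={stale_ok} wire={wire_value:#06x} final_ok={final_ok}")
```

The difference between `signed_value` and the recomputed wire value is why a receiver needs a stated rule for which checksum value goes into the signed data when it verifies the signature.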