Re: [CGA-EXT] SEND checksum issue in current RFC 3791 - update needed
Sheng Jiang <shengjiang@huawei.com> Thu, 17 September 2009 10:00 UTC
Return-Path: <shengjiang@huawei.com>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D18B93A68D3 for <cga-ext@core3.amsl.com>; Thu, 17 Sep 2009 03:00:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.397
X-Spam-Level:
X-Spam-Status: No, score=-0.397 tagged_above=-999 required=5 tests=[AWL=0.098, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YNPG0ErBtS4S for <cga-ext@core3.amsl.com>; Thu, 17 Sep 2009 03:00:33 -0700 (PDT)
Received: from szxga01-in.huawei.com (unknown [119.145.14.64]) by core3.amsl.com (Postfix) with ESMTP id EAF1E3A686B for <cga-ext@ietf.org>; Thu, 17 Sep 2009 03:00:32 -0700 (PDT)
Received: from huawei.com (szxga01-in [172.24.2.3]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KQ40065215X2G@szxga01-in.huawei.com> for cga-ext@ietf.org; Thu, 17 Sep 2009 18:01:10 +0800 (CST)
Received: from huawei.com ([172.24.1.24]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KQ400ESY15XGH@szxga01-in.huawei.com> for cga-ext@ietf.org; Thu, 17 Sep 2009 18:01:09 +0800 (CST)
Received: from j66104a ([10.111.12.58]) by szxml04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0KQ400AJ115X6L@szxml04-in.huawei.com> for cga-ext@ietf.org; Thu, 17 Sep 2009 18:01:09 +0800 (CST)
Date: Thu, 17 Sep 2009 18:01:09 +0800
From: Sheng Jiang <shengjiang@huawei.com>
In-reply-to: <4AB1F701.1060805@cisco.com>
To: 'Eric Levy-Abegnoli' <elevyabe@cisco.com>, 'Arnaud Ebalard' <arno@natisbad.org>
Message-id: <002a01ca377d$c7dbf040$3a0c6f0a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
X-Mailer: Microsoft Office Outlook 11
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: 7bit
Thread-index: Aco3c1pYOG8wWYJ3Q86BRtZvgR3TaAACI0vw
Cc: 'wdwang' <wdwang@bupt.edu.cn>, cga-ext@ietf.org
Subject: Re: [CGA-EXT] SEND checksum issue in current RFC 3791 - update needed
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2009 10:00:33 -0000
> It does not say "0", it says checksum from the icmp header. > How could "0" be the checksum of the icmp header? > I agree clarification would be useful, given that several > implementors are asking for it. No question on that. > I disagree that there are several ways of interpreting it. > Basically, you have a well-formed icmp message, which include > a valid checksum, and you build a pseudo message by taking a > number of fields out of it, including the checksum, and then > you sign it.Once you have added your RSA option, another > specification (icmp) mandate that you fix the checksum to > make it correct. For me, it seems clear from the definition that the input checksum should be already calculated without signature option. The unclear part is that the checksum should be recalculated after signature option attached. The current definition does not say so! And calculating checksum twice is an unusaul procedure. If this is not clarified, people won't get it right at the first shoot. For implementors, this is not a difficult bug to fix. Calculating checksum only once would obviously break ICMP. Then, implementor found out there should be checksum calculation once again. I guess that's why all the current implementation, including ours, have getten this right and have no inter-op issues happen. However, this IS a bug for standard document not to mention it. It is something we should fix it in the standard document. Cheers, Sheng
- [CGA-EXT] SEND checksum issue in current RFC 3791… Sheng Jiang
- Re: [CGA-EXT] SEND checksum issue in current RFC … Arnaud Ebalard
- Re: [CGA-EXT] SEND checksum issue in current RFC … Sheng Jiang
- Re: [CGA-EXT] SEND checksum issue in current RFC … Eric Levy-Abegnoli
- Re: [CGA-EXT] SEND checksum issue in current RFC … Arnaud Ebalard
- Re: [CGA-EXT] SEND checksum issue in current RFC … Eric Levy-Abegnoli
- Re: [CGA-EXT] SEND checksum issue in current RFC … Arnaud Ebalard
- Re: [CGA-EXT] SEND checksum issue in current RFC … Arnaud Ebalard
- Re: [CGA-EXT] SEND checksum issue in current RFC … Sheng Jiang
- Re: [CGA-EXT] SEND checksum issue in current RFC … Sheng Jiang
- Re: [CGA-EXT] SEND checksum issue in current RFC … Sheng Jiang
- Re: [CGA-EXT] SEND checksum issue in current RFC … gx su
- Re: [CGA-EXT] SEND checksum issue in current RFC … Arnaud Ebalard