Hi, dear CSIer, During our implementation of SEND & CGA, we discovered an issue in the current RFC 3791, described as the following. An update is needed to solve this issue.
Checksum issue in the current SEND definition RFC 3791. In Section 5.2, RFC3791, digital signature is defined to sign data include checksum fieds from ICMP header (bullet item 4), which should already be calculated during the construction of message (the first step in Section 5.2.1). After RSA signature is attached, the original checksum value is no longer valid. It should be recalsulated. However, this was not clearly defined in RFC 3791. More importantly, the correspondent validation rule must be defined on the receiver side too. Best regards, Sheng _______________________________________________ CGA-EXT mailing list [email protected] https://www.ietf.org/mailman/listinfo/cga-ext
