Hi,

Sheng Jiang <[email protected]> writes:
> During our implementation of SEND & CGA, we discovered an issue in the
> current RFC 3791, described as the following. An update is needed to solve
> this issue.
>
> Checksum issue in the current SEND definition RFC 3791.
>
> In Section 5.2, RFC3791, digital signature is defined to sign data including
> checksum fields from ICMP header (bullet item 4), which should already be
> calculated during the construction of message (the first step in Section
> 5.2.1). After RSA signature is attached, the original checksum value is no
> longer valid. It should be recalculated. However, this was not clearly
> defined in RFC 3791. More importantly, the correspondent validation rule
> must be defined on the receiver side too.

I already reported that same issue some time ago and the good way to understand the spec is to compute the signature over the packet with the checksum field set to 0. Then, the checksum is computed over the whole packet. But I agree that the spec is unclear on that.

See my post and Eric's reply here:
http://www.ietf.org/mail-archive/web/cga-ext/current/msg00098.html

Cheers,

a+
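
The ordering described in the reply above, as an added example that is not part of the original message or of any SEND implementation: the sender signs with the checksum field zeroed, appends the signature option, then checksums the whole packet, and the receiver reverses those steps. Assumptions: HMAC-SHA256 with a constructed key stands in for the RSA signature, the signed input and option layout are simplified (no CGA Message Type tag, no Key Hash field), and the addresses are constructed.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"   # stand-in for the sender's RSA key (assumption)
SIG_OPT = 12                    # RSA Signature option type
NS_HDR = 24                     # Neighbor Solicitation: 8-byte header + 16-byte target

def icmp6_checksum(src, dst, msg):
    """Internet checksum over the IPv6 pseudo-header and the ICMPv6 message."""
    data = src + dst + struct.pack("!I3xB", len(msg), 58) + msg
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def set_checksum(msg, value):
    return msg[:2] + struct.pack("!H", value) + msg[4:]

def sign(src, dst, msg):
    # The signature input always carries checksum = 0, so it never depends
    # on the final checksum value written after the option is attached.
    return hmac.new(KEY, src + dst + set_checksum(msg, 0), hashlib.sha256).digest()

def send(src, dst, msg):
    """Sender: sign with checksum 0, append the option, checksum the whole packet."""
    opt = bytes([SIG_OPT, 5]) + bytes(6) + sign(src, dst, msg)  # 40 bytes = 5 * 8
    packet = set_checksum(msg + opt, 0)
    return set_checksum(packet, icmp6_checksum(src, dst, packet))

def receive(src, dst, packet):
    """Receiver: check the checksum over the whole packet, then the signature."""
    stored = struct.unpack("!H", packet[2:4])[0]
    if icmp6_checksum(src, dst, set_checksum(packet, 0)) != stored:
        return "bad checksum"
    off = NS_HDR
    while off + 2 <= len(packet) and packet[off + 1] != 0:
        end = off + 8 * packet[off + 1]
        if packet[off] == SIG_OPT:   # signed data = everything before this option
            ok = hmac.compare_digest(packet[off + 8:end], sign(src, dst, packet[:off]))
            return "ok" if ok else "bad signature"
        off = end
    return "no signature option"

# Constructed sample: Neighbor Solicitation (type 135) for 2001:db8::1, no other options
SRC = bytes.fromhex("20010db8" + "00" * 11 + "02")
DST = bytes.fromhex("20010db8" + "00" * 11 + "01")
NS = bytes([135, 0, 0, 0]) + bytes(4) + DST
```
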
