Sheng,
Currently, I see only one possibility, which is A. It is unambiguously specified in rfc3971. And it has been implemented by multiple vendors. Moving to B would not be backward compatible and would create interoperability issues.

Eric

Sheng Jiang wrote:
Hi, Arnaud,

Yes, it is an issue that must be clearly clarified in the specification.
Actually, there are two possibilities here (which makes it more important that
the specification should clearly follow only one of them):

A, if we would like to follow the description in Section 5.2.1 RFC 3791, the
input of RSA signature should be a checksum calculated without RSA signature
and it will be recalculated after signature attached. On the receiver side,
ICMP checksum should be validated, then signature validated, then maybe
checksum validated again.

B, more efficiently, on the sender side, as you said, the input of RSA
signature should be a checksum with all 0, and after signature attached, the
checksum is computed over the whole packet. However, this makes the
signature over checksum totally meaningless. Alternatively, we may take
checksum bits out from the RSA signature input.

Additionally, there are intercommunication issues if a sender uses A
implementation and a receiver uses B implementation.

To sum up, an update over the current definition RFC 3791 is needed on this
issue.

Cheers,

Sheng

-----Original Message-----
From: Arnaud Ebalard [mailto:[email protected]]
Sent: Thursday, September 17, 2009 2:02 PM
To: Sheng Jiang
Cc: [email protected]; 'wdwang'
Subject: Re: [CGA-EXT] SEND checksum issue in current RFC 3791 - update needed

Hi,

Sheng Jiang <[email protected]> writes:

During our implementation of SEND & CGA, we discovered an issue in the
current RFC 3791, described as the following. An update is needed to
solve this issue.

Checksum issue in the current SEND definition RFC 3791.

In Section 5.2, RFC3791, digital signature is defined to sign data
including checksum fields from ICMP header (bullet item 4), which should
already be calculated during the construction of message (the first step
in Section 5.2.1). After RSA signature is attached, the original checksum
value is no longer valid. It should be recalculated. However, this was not
clearly defined in RFC 3791. More importantly, the correspondent
validation rule must be defined on the receiver side too.

I already reported that same issue some time ago and the good way to understand the spec is to compute the signature over the packet with the checksum field to 0. Then, the checksum is computed over the whole packet. But I agree that the spec is unclear on that.

See my post and Eric's reply here:

  http://www.ietf.org/mail-archive/web/cga-ext/current/msg00098.html

Cheers,

a+

_______________________________________________
CGA-EXT mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cga-ext
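
The A/B interoperability problem discussed in this thread, as an added example that is not part of the original messages or of any SEND implementation. Assumptions: HMAC-SHA256 with a constructed key stands in for the RSA signature, the signature option is modelled as the 32 raw tag bytes, the signature input is reduced to the addresses plus the ICMP message, and all function names are hypothetical.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"  # assumption: stand-in for the sender's RSA key

def icmp6_checksum(src, dst, icmp):
    """ICMPv6 checksum over IPv6 pseudo-header + message, checksum field zeroed."""
    data = src + dst + struct.pack("!I3xB", len(icmp), 58) + icmp[:2] + b"\0\0" + icmp[4:]
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries (one's complement sum)
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(icmp, value):
    return icmp[:2] + struct.pack("!H", value) + icmp[4:]

def sign(src, dst, icmp):
    # Simplified signature input: addresses, then ICMP type/code/checksum,
    # ND header and the options that precede the signature option.
    return hmac.new(KEY, src + dst + icmp, hashlib.sha256).digest()

def send(src, dst, icmp, mode):
    # A: sign the checksum computed before the signature option is attached.
    # B: sign with the checksum field set to zero.
    pre = icmp6_checksum(src, dst, icmp) if mode == "A" else 0
    packet = icmp + sign(src, dst, with_checksum(icmp, pre))
    # Both readings recompute the on-wire checksum over the whole packet.
    return with_checksum(packet, icmp6_checksum(src, dst, packet))

def receive(src, dst, packet, mode, sig_len=32):
    if icmp6_checksum(src, dst, packet) != struct.unpack("!H", packet[2:4])[0]:
        return "bad checksum"
    body, sig_opt = packet[:-sig_len], packet[-sig_len:]
    # Rebuild the signed bytes the way this receiver's interpretation expects.
    pre = icmp6_checksum(src, dst, body) if mode == "A" else 0
    ok = hmac.compare_digest(sig_opt, sign(src, dst, with_checksum(body, pre)))
    return "accepted" if ok else "bad signature"

# Constructed sample: a 24-byte Neighbor Solicitation between documentation addresses.
SRC = bytes.fromhex("20010db8000000000000000000000001")
DST = bytes.fromhex("20010db8000000000000000000000002")
NS = bytes([135, 0, 0, 0]) + bytes(4) + DST

if __name__ == "__main__":
    for s in "AB":
        for r in "AB":
            print("sender", s, "receiver", r, "->", receive(SRC, DST, send(SRC, DST, NS, s), r))
```

The on-wire checksum validates in all four combinations; only the signature check tells a mismatched peer apart, so a mixed A/B deployment shows up as signature failures rather than checksum errors.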

