> It does not say "0", it says checksum from the icmp header. > How could "0" be the checksum of the icmp header? > I agree clarification would be useful, given that several > implementors are asking for it. No question on that. > I disagree that there are several ways of interpreting it. > Basically, you have a well-formed icmp message, which include > a valid checksum, and you build a pseudo message by taking a > number of fields out of it, including the checksum, and then > you sign it.Once you have added your RSA option, another > specification (icmp) mandate that you fix the checksum to > make it correct.
For me, it seems clear from the definition that the input checksum should be already calculated without signature option. The unclear part is that the checksum should be recalculated after signature option attached. The current definition does not say so! And calculating checksum twice is an unusaul procedure. If this is not clarified, people won't get it right at the first shoot. For implementors, this is not a difficult bug to fix. Calculating checksum only once would obviously break ICMP. Then, implementor found out there should be checksum calculation once again. I guess that's why all the current implementation, including ours, have getten this right and have no inter-op issues happen. However, this IS a bug for standard document not to mention it. It is something we should fix it in the standard document. Cheers, Sheng _______________________________________________ CGA-EXT mailing list [email protected] https://www.ietf.org/mailman/listinfo/cga-ext
