Hi, dear CSIers, We are a team from BUPT (Beijing University of Posts & Telecommunications) and we (including gx su) have been implementing the SeND for months.
I've read the discussions about SeND cksum issue and I've got some opinions to share. Firstly, when we encounter the problem, we took solution A, since our implementation is based on LINUX kernel and we do not want to change the NDP implementation in it. But it causes the sender to recompute the cksum before sending messages and the receiver to recover cksum before signature verification. I think some sort of clarification should be made inorder to avoid misunderstanding. Secondly, nowadays security issues become more and more important for Internet. I think authentications using signature will be applied in many other scenarios in future, and the cksum signature problem might happen again. Shall we do something about this? Best regards, Quanchao Hui 2009/9/17 <[email protected]> > If you have received this digest without all the individual message > attachments you will need to update your digest options in your list > subscription. To do so, go to > > https://www.ietf.org/mailman/listinfo/cga-ext > > Click the 'Unsubscribe or edit options' button, log in, and set "Get > MIME or Plain Text Digests?" to MIME. You can set this option > globally for all the list digests you receive at this point. > > > > Send CGA-EXT mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.ietf.org/mailman/listinfo/cga-ext > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of CGA-EXT digest..." > > > Today's Topics: > > 1. SEND checksum issue in current RFC 3791 - update needed > (Sheng Jiang) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 17 Sep 2009 10:14:03 +0800 > From: Sheng Jiang <[email protected]> > Subject: [CGA-EXT] SEND checksum issue in current RFC 3791 - update > needed > To: [email protected] > Cc: 'wdwang' <[email protected]> > Message-ID: <[email protected]> > Content-Type: text/plain; charset=us-ascii > > Hi, dear CSIer, > > During our implementation of SEND & CGA, we discovered an issue in the > current RFC 3791, described as the following. An update is needed to solve > this issue. > > Checksum issue in the current SEND definition RFC 3791. > > In Section 5.2, RFC3791, digital signature is defined to sign data include > checksum fieds from ICMP header (bullet item 4), which should already be > calculated during the construction of message (the first step in Section > 5.2.1). After RSA signature is attached, the original checksum value is no > longer valid. It should be recalsulated. However, this was not clearly > defined in RFC 3791. More importantly, the correspondent validation rule > must be defined on the receiver side too. > > Best regards, > > Sheng > > > > ------------------------------ > > _______________________________________________ > CGA-EXT mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/cga-ext > > > End of CGA-EXT Digest, Vol 29, Issue 2 > ************************************** >
_______________________________________________ CGA-EXT mailing list [email protected] https://www.ietf.org/mailman/listinfo/cga-ext
