[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Checksum (Re: KINK issue list)

To: ietf-kink@xxxxxxxx
Subject: Re: Checksum (Re: KINK issue list)
From: "KAMADA Ken'ichi" <kamada@xxxxxxxxxx>
Date: Mon, 31 Jan 2005 09:35:09 +0900
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-kink/mail-archive/>
List-id: <ietf-kink.vpnc.org>
List-unsubscribe: <mailto:ietf-kink-request@vpnc.org?body=unsubscribe>
References: <> <> <> <> <> <> <>
Sender: owner-ietf-kink@xxxxxxxxxxxxx
User-agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.3.50 (i386-unknown-netbsdelf2.0G) MULE/5.0 (SAKAKI)

At Thu, 27 Jan 2005 20:47:56 -0500,
Ken Raeburn <raeburn@xxxxxxx> wrote:
> 
> > - 2) makes me nervous because I don't know whether it makes some
> >   kinds of attacks easy (e.g. adding junk data at the end of payloads
> >   in order to collide the checksum).
> 
> How about including length-without-checksum in the calculation of the 
> checksum, instead of a zero?

This seems to work.

So current proposed solution is:
- Use required-to-implement checksum type determined by the etype.
- Use get_mic or verify_mic function to generate or verify the checksum.
- Omit the checksum field before calculation.
- The Length field is filled with the packet length without checksum and
  the CksumLen field is zeroed out before the calculation.

-- 
KAMADA Ken'ichi <kamada@xxxxxxxxxx>

References:
- who will edit the draft ?
  - From: Shoichi Sakane
- Re: who will edit the draft ?
  - From: KAMADA Ken'ichi
- KINK issue list
  - From: KAMADA Ken'ichi
- Checksum (Re: KINK issue list)
  - From: KAMADA Ken'ichi
- Re: Checksum (Re: KINK issue list)
  - From: Ken Raeburn
- Re: Checksum (Re: KINK issue list)
  - From: KAMADA Ken'ichi
- Re: Checksum (Re: KINK issue list)
  - From: Ken Raeburn

Prev by Date: Re: AD Review: draft-ietf-kink-kink [starting at section 5]
Next by Date: Re: AD Review: draft-ietf-kink-kink [starting at section 5]
Previous by thread: Re: Checksum (Re: KINK issue list)
Next by thread: Re: Checksum
Index(es):
- Date
- Thread