Francis Dupont writes:

ND packets are local to the link so nobody can change them. I propose to use this property to make signature stuff simpler: forget the "AH rules" and just sign the whole IP packet as it is.

----

Jari Arkko responds:

Good point! Yes, we should do this. Or rather, I should check that the ND options draft does this, and fix it if it doesn't already behave like that.

----

Jari Arkko writes:

The newest specification version will sign the CGA Message Type, the IP header, and the Neighbor Discovery message.

----

Tuomas Aura writes:

BTW, I believe that we should not be signing the entire packet. I'd rather define a pseudo-message that contains only the relevant fields and sign that. Some arguments for signing pseudo-messages:

(1) We need to define some kind of pseudo-messages anyway because some IP header fields and the signature itself need to be excluded from the signed part.

(2) If the entire packet is signed, it becomes necessary to guess the size of the signature before signing. This may be relatively easy but ugly anyway.

(3) Protocol extensions, such as proxy ND and RD, may need to include the signed SEND message in another message or to have multiple signatures on a single SEND message.

----

Jari Arkko responds to Tuomas Aura:

> (1) We need to define some kind of pseudo-messages anyway because
> some IP header fields and the signature itself need to be excluded
> from the signed part.

Not the header fields, since this is local traffic. Francis pointed this out earlier. But yes for the signature itself.

> (2) If the entire packet is signed, it becomes necessary to guess
> the size of the signature before signing. This may be relatively easy
> but ugly anyway.

Yes.

> (3) Protocol extensions, such as proxy ND and RD, may need to
> include the signed SEND message in another message or to have
> multiple signatures on a single SEND message.

Perhaps. But I think it's more likely that we'd have a Certificate option somewhere to carry the authorization of the original address owner to the new node.

All right. How about this text:

   Digital Signature

      This variable length field contains the signature made using the
      sender's private key, over the following sequence of octets:

      1. The 128-bit CGA Message Type [27] value for SEND,
         0xXXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX (To be generated
         randomly).

      2. The 128-bit Source Address field from the IP header.

      3. The 128-bit Destination Address field from the IP header.

      4. The 32-bit ICMP header, i.e., the Type, Code, and Checksum
         fields.

      5. The Neighbor Discovery message header, i.e., the Reserved
         field in the Router Solicitation message, the Cur Hop Limit,
         M, O, Reserved, Router Lifetime, Reachable Time, and Retrans
         Timer fields in the Router Advertisement message, Reserved
         and Target Address fields in the Neighbor Solicitation
         message, R, S, O, Reserved, and Target Address fields in the
         Neighbor Advertisement message, and Reserved, Target Address,
         and Destination Address fields in the Redirect message.

      6. All options preceding the Signature option.

----
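The six-item octet sequence in the proposed text above, assembled from a Neighbor Discovery message, as an added example that is not part of the original thread or of any SEND implementation. Assumptions: the all-zero `CGA_TYPE_TAG` is a placeholder (the text leaves the value to be generated), `SIG_OPT_TYPE = 12` is an assumed option number, and the sample message is constructed with its checksum left at 0.

```python
import ipaddress
import struct

# Placeholder: the proposed text leaves the 128-bit tag "to be generated randomly".
CGA_TYPE_TAG = bytes(16)
# Assumption: option type number of the Signature option (not given in the thread).
SIG_OPT_TYPE = 12
# Octets of ND message header that follow the 4-octet ICMP header, by ICMP type
# (RS, RA, NS, NA, Redirect), matching the fields listed in item 5.
ND_HDR_LEN = {133: 4, 134: 12, 135: 20, 136: 20, 137: 36}


def signed_octets(src, dst, icmp):
    """Return the octets the signature covers (items 1-6) for one ND message."""
    if len(icmp) < 4 or icmp[0] not in ND_HDR_LEN:
        raise ValueError("not a Neighbor Discovery message")
    pos = 4 + ND_HDR_LEN[icmp[0]]  # first option starts after the ND header
    if len(icmp) < pos:
        raise ValueError("truncated ND message header")
    while pos < len(icmp):
        if pos + 2 > len(icmp):
            raise ValueError("truncated option")
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8  # length in 8-octet units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option length")
        if opt_type == SIG_OPT_TYPE:
            # icmp[:pos] is the ICMP header, ND header and all preceding options.
            return (CGA_TYPE_TAG + ipaddress.IPv6Address(src).packed
                    + ipaddress.IPv6Address(dst).packed + icmp[:pos])
        pos += opt_len
    raise ValueError("no Signature option present")


def option(opt_type, body):
    """Encode one ND option, zero-padded to a multiple of 8 octets."""
    pad = -(len(body) + 2) % 8
    return bytes([opt_type, (len(body) + 2 + pad) // 8]) + body + bytes(pad)


def build_ns(target, options):
    """Constructed Neighbor Solicitation; Checksum is left as 0 in this sample."""
    hdr = struct.pack("!BBHI", 135, 0, 0, 0)  # Type, Code, Checksum, Reserved
    return hdr + ipaddress.IPv6Address(target).packed + b"".join(options)


# Constructed sample: source link-layer address option, then a Signature option.
SLLA = option(1, bytes.fromhex("020000000001"))
SAMPLE_NS = build_ns("fe80::2", [SLLA, option(SIG_OPT_TYPE, bytes(62))])
```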