[AVTCORE] Re: STUN SHA-256 usage in WebRTC (ICE and TURN)
Philipp Hancke <philipp.hancke@googlemail.com> Wed, 29 April 2026 17:56 UTC
Return-Path: <philipp.hancke@googlemail.com>
X-Original-To: avt@mail2.ietf.org
Delivered-To: avt@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 115DAE5DD774 for <avt@mail2.ietf.org>; Wed, 29 Apr 2026 10:56:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1777485372; bh=tYJSfkN2advth7XOKCrJKwy494rfrhtpCdKyb3drK4s=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=uuKGvdWeOBrMr2+lhk8RzUhBx76j2Xg7F///h4xK7ONIXAYz07p1cI66lRKaiCcuT 6u94o+/6zxvpTdmQ+ZKnEzUvPn4+UGw1K9M62kXfduJxD4IT413EOpNF8k6+ts4JzN vJnf5fV+LIpEsTyWsu62VzLNekDHtSq3DLurT+Qo=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=googlemail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2IXpBJPHb6Zs for <avt@mail2.ietf.org>; Wed, 29 Apr 2026 10:56:11 -0700 (PDT)
Received: from mail-qv1-xf36.google.com (mail-qv1-xf36.google.com [IPv6:2607:f8b0:4864:20::f36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 37D28E5DD6C7 for <avt@ietf.org>; Wed, 29 Apr 2026 10:55:16 -0700 (PDT)
Received: by mail-qv1-xf36.google.com with SMTP id 6a1803df08f44-8a08fa355a1so1406736d6.0 for <avt@ietf.org>; Wed, 29 Apr 2026 10:55:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1777485316; cv=none; d=google.com; s=arc-20240605; b=EklEZKZpyXjrXdEQqPiIsTvxeIxJNS5SW6X/PzBjLqBP/uti6hKJIcTTDtIr9QhAwP x49X33SxQS70y8Va/tSho7sFhjPsRKaKgAc3zQzGux/yFDUVglAcYBk+auS6yz6/jz+V FE4SQmT7bya3bJKFrSX2R0roMA5MGduRvDDeCxG4z0X+4eE1bqur7CyiRkIAD9w6HeoX H2/Tpke18Nt9vTck2Ey+ZrL33ZbLB3tIcfXCno/XyTBKYL4hMjVUvOtiu9we/3oxN4Ee Sns52m5H0TOu1gMKNAumrIFa2oLUCMzT8QLOQh8KmonfDrKyLSa3Oit3beL5DxA/Zm/b aBwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=15an7scxZYQ0x2TvKJuRSuRiOLb8qpfogGNmRxCuMZM=; fh=AbzXTwh9ygy8Dhlgaq6bIVYD4Wwa0MKwqCJsnjC7b60=; b=aVSMAHEHex6NpkAFpZxvBT7OEb8yOYAACpD+E0ekeYePnIo0pBx/diVyWGJDeMCC4D sy5YuORa20N9drJluK+R0rQmENrlL8XjXRmFHfP2H5/j/uj1gwfOh6eeNYKrPKJREXlb +CBNBJJpBPD7fDStWLBIYmeugO7j4mNdY50RHgWA0AEyYjkp6wTyxXXOyTf8/PuQ7d+q xTiqMPhVaZga//ikq03h+s0G4PD8G89tDO574FwkIewt/7UHf7frBnV/NKeCWQZNh/Xq hOcvvpT8RpP05AAnNnySSEo2JqovVi3FoTV1vIh8gNpVs1DYZlMV7uFQPJKJxyVFFjhX bjgw==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20251104; t=1777485316; x=1778090116; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=15an7scxZYQ0x2TvKJuRSuRiOLb8qpfogGNmRxCuMZM=; b=tKLyJushp4gxEKAMbzZkPGvdpDjRpdiAL3EqYR6zzGxHLRP64RpYjw5v//n4iFNqLG 3Pj+my58/m+HJwJC0nQQELIMMP4YysG7QugYUhd5JPNFUCAboJIdIYAWRJiT6/4SsqXi RYWDiJ3aR+1maLKLlmEjhAnYkc6QEYIGsTiFokY4a9a7ctcEGtGpC30QlIFbNuKBygqu OEMtLt5MuwzD12ff1uiurhXBJ6ytl11utvi59809SKaPJH2CucbbFoIjX8/NRJgRXCcb 6cp3ldoLfDF4E1OqILvUECSLbKnUVNMw8clgCLOVemndvvAm9Oa1hTLQw8gotsqsambR mjrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777485316; x=1778090116; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=15an7scxZYQ0x2TvKJuRSuRiOLb8qpfogGNmRxCuMZM=; b=psRIc1+6iqEx9Eh/jI3is95gVZ90oydWiD8Bl4oHt2gShXUSCMEsdgsd4dLwfTjMDJ wYx2f0Fdqzpf9gP8CjWMuYagchNYzdAupJuk3jqo8ITZfT7DOgX+LBfiegXy/rsBQj68 J4K6LMs5Zb7CRjwqqms0596zTiYnNMpR8oR3MD+Nz1UUrC6MIhIOLwJj5tlC/hlmzC7u 1UAcEWN7ShKUc/gY/N04LgP8AmASX7rH/MpBtWbHCBdxLZncst4bq8nATXrKoVDb2rac clQIMeCcaswqAtAjzTVHssZ0AxeqgfBcxep2ZK3kpoZvM6hA3Vp2CM52h3TPDQLZHczA yLPw==
X-Gm-Message-State: AOJu0YwvfcKsdNBSp94PKG3/GANrd2UXdV1b5vfC1VV8RflAclzblqNT +3hVtehu0hEw1b414bJIhRtZHec4hm5Xyi2r6EButtQNRf6KbWDhuCqWUs69WpTIE2HRpjU+EmI zSOjy5AFwmJHK72C4aW6DKAoMgKbN2u4=
X-Gm-Gg: AeBDieuykXVXFIeq53K6yBPPhmqiR3i78BaD6uKd+aEi/V8jY3KKM2hZw1k0dnsJ5qF Hw7+knxb3qv3JM+bNqMZ+mwnYvLlF5EhGg5PKj3WMPFpcxTWCWjcjuBqhVykESZhllwFGhv76G3 SvJNW+lDobHfsqUBhoBSZxbSPGv3WlG4aqZq18AW3Fr5XJ726Z+8rsSgtT7EIu0fQ/InTv1qEBZ zJTbC5MBDQ+YN2U21a7tHgQx1pWI6lMTp5UKQQ8QXP41SEXPW38bO+gPrbBywe4U9rbr2OvXCZX dqwUiaU2LkyLLJ6zWA0mqCfwX9vwoeUcRM1QiwUHVJNUyUe/hXBgA8OOv7QlQrJwT9AmNy0hmXl gFOa6mJ3KjcHoM4DfkFSAQKWyX3d6tHRz4euu3i2tTVwb1MupfdOWhlsFlnY65Q==
X-Received: by 2002:a05:622a:5c86:b0:50e:6165:11e5 with SMTP id d75a77b69052e-5100e0fbbe7mr116505361cf.2.1777485315634; Wed, 29 Apr 2026 10:55:15 -0700 (PDT)
MIME-Version: 1.0
References: <CADxkKiLYgvD55xnBQCXMVqrzSepkA5VjLshAheCXtg7+G9BHpg@mail.gmail.com> <CAD5OKxuc-eadFOG8GgqXa9QyJ6THeoRhR2G=q9vRi0_UEjqmJA@mail.gmail.com> <CAD5OKxtNVHPgWnJhsgjf8n0ZUdE0be2QVaAyGe0Q_8vOiXpKTA@mail.gmail.com> <CADxkKi+fW0Z209FWzqFE+WyHE6s+TR4tKgbpingJyUeCyR1SPg@mail.gmail.com>
In-Reply-To: <CADxkKi+fW0Z209FWzqFE+WyHE6s+TR4tKgbpingJyUeCyR1SPg@mail.gmail.com>
From: Philipp Hancke <philipp.hancke@googlemail.com>
Date: Wed, 29 Apr 2026 19:55:07 +0200
X-Gm-Features: AVHnY4Igmi0UX_jvMsHsqwpV6OkqCxUehiKljFkn66n0Jnl2KNPH6bmdw_j6Aq0
Message-ID: <CADxkKiJW2jjc1=iOWMjUAMtWizM8piSt+5b3T1Z4qCovsnNYcA@mail.gmail.com>
To: Roman Shpount <roman@telurix.com>
Content-Type: multipart/alternative; boundary="000000000000d4faba06509d0ca2"
Message-ID-Hash: JAJN6KBTF74J6BIV4WBQ2HR4CSXMTJDM
X-Message-ID-Hash: JAJN6KBTF74J6BIV4WBQ2HR4CSXMTJDM
X-MailFrom: philipp.hancke@googlemail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-avt.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF AVTCore WG <avt@ietf.org>, tsvwg@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [AVTCORE] Re: STUN SHA-256 usage in WebRTC (ICE and TURN)
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/4BQkpRc9AU8_iQ5fNBhmD7aY1T0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Owner: <mailto:avt-owner@ietf.org>
List-Post: <mailto:avt@ietf.org>
List-Subscribe: <mailto:avt-join@ietf.org>
List-Unsubscribe: <mailto:avt-leave@ietf.org>
After reading a bit more (with help): - TURN is solved by the initial response having a password-algorithms attribute. - the RFC 8489 hash agility plan changed. https://www.rfc-editor.org/rfc/rfc8489#section-16.3 says that STUN clients and servers using the short-term credential mechanism will need to update the external mechanism that they use to signal what message-integrity attributes are in use which simply was never done for ICE? Am Mi., 29. Apr. 2026 um 19:23 Uhr schrieb Philipp Hancke < philipp.hancke@googlemail.com>: > Am Mi., 29. Apr. 2026 um 18:32 Uhr schrieb Roman Shpount < > roman@telurix.com>: > >> On Wed, Apr 29, 2026 at 12:20 PM Roman Shpount <roman@telurix.com> wrote: >> >>> It looks like the details of the MESSAGE-INTEGRITY-SHA256 implementation >>> were fully considered. What is described in RFC 8489 is counterproductive. >>> If MESSAGE-INTEGRITY-SHA256 is comprehension-required, including >>> MESSAGE-INTEGRITY also makes STUN messages less secure. It should have been >>> in the comprehension-optional range. >>> >>> You should also consider the increase in STUN message size. Adding >>> optional MESSAGE-INTEGRITY-SHA256 will result in an extra 32 bytes in each >>> STUN request. >>> >> >> I meant to say the details of the MESSAGE-INTEGRITY-SHA256 implementation >> were NOT fully considered. >> > > Heh! I assume the RFC is not fixable as an error but requires an update? > > The downgrade attack argument is good (applies to most hash agility plans > I have seen though?) but if we need an ice-option or url parameter anyway > it goes away. > This reduces the concern about increasing overhead on initial messages > requests would have to include both variants (4+20 plus 4 + 32) so we are > only increasing packet size by 12 bytes? > > Thanks Roman for helping me think! > >>
- [AVTCORE] STUN SHA-256 usage in WebRTC (ICE and T… Philipp Hancke
- [AVTCORE] Re: STUN SHA-256 usage in WebRTC (ICE a… Roman Shpount
- [AVTCORE] Re: STUN SHA-256 usage in WebRTC (ICE a… Roman Shpount
- [AVTCORE] Re: STUN SHA-256 usage in WebRTC (ICE a… Philipp Hancke
- [AVTCORE] Re: STUN SHA-256 usage in WebRTC (ICE a… Philipp Hancke
- [AVTCORE] Re: STUN SHA-256 usage in WebRTC (ICE a… Roman Shpount