IETF Logo Mail Archive

[AVTCORE] Re: STUN SHA-256 usage in WebRTC (ICE and TURN)

Roman Shpount <roman@telurix.com> Wed, 29 April 2026 17:56 UTC

Return-Path: <roman@telurix.com>
X-Original-To: avt@mail2.ietf.org
Delivered-To: avt@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 76667E5DD785 for <avt@mail2.ietf.org>; Wed, 29 Apr 2026 10:56:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1777485372; bh=D88oKpq6Bv9O6i+bFzl6owigD3fvXjr5on0U7z00JL4=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=PGDrZ0jMAqIyxGLeS6p5o5gC/HZ7iLeiSekPMm/YXadQQAk4Bk6j1L3urFwY2XHY3 75XmXGFKF9eW+WUpXCKobhpZKM7RcCloztCz/gDtLU7dvpL99RbyfBCQDxFJMDVfq7 iC49U+3yY12ZCKaIINIX3jB0QdrtE2ZPg+WXGo3g=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=telurix.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Etrhi2xxfv2W for <avt@mail2.ietf.org>; Wed, 29 Apr 2026 10:56:12 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 210CCE5DD6D9 for <avt@ietf.org>; Wed, 29 Apr 2026 10:55:37 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-38de6ec76e0so52771fa.0 for <avt@ietf.org>; Wed, 29 Apr 2026 10:55:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix.com; s=google; t=1777485336; x=1778090136; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=D88oKpq6Bv9O6i+bFzl6owigD3fvXjr5on0U7z00JL4=; b=mBzV4a1tUn/pd/kTawfh49YjWUqVcL+dWnUIEPKHSqS+4Nhee17EgL+jfWArYpP2LZ DwMYyWPy1BCS9dAXDGi6f16DqaJwqleSAu7MFjjDpt9Zrjhgv1ELPjx8R3zvJEWo0sNR YeRSQ6RuAE4sl+T6dtxmLKTNEp3wVujdToXW4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777485336; x=1778090136; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=D88oKpq6Bv9O6i+bFzl6owigD3fvXjr5on0U7z00JL4=; b=sPJTnp047ggrA1DuphX6D4IGtPiuhfniOcMs9og79jZC7rLTVzmVEbGxIeg6drS8Gk v+cR11GCANVgFT1M5Xn8MFY1AOX7ozYAc6zE0+l6CStaViRHB0M05yJXbNfjvhl1nDOn aGq0Rls3sFKt3k4fVO5jB7MG42MSPZEJctSOADZopGDQA1+SFwQ+fRvcUvM48boZCfh4 OQAs9CGQxQIiXH55xkyG0Rdiy8VtR4UBk+82Bm6mGO/vrmtX4TrxNznVv4dJPU1kg5Xc WqhkHqtUbx1xYbMUR2Alryo9NCt+K16EMRIr2HgY9aHlFk6k3X9gp2xw6GpFnsKUaeOb ZPLw==
X-Gm-Message-State: AOJu0YzobeijDnNlwEKMzg6BMMi0X31OO05OagK1M3hgQK3HS4+OxxN8 uPbgQ6yDAS5386D/engk1afxL2gVXLH+v0l+ZhC9HSHidOqeTHMM0cr5gicwD5vcChiBA7KaQu8 VaDQwBSY=
X-Gm-Gg: AeBDietF2MMk4792rNUgQWGO7DBtxmtbUV8d/W64fnkvZ08uKx9T+d3tXJ87oY7wBss xsLn9iuEIhm0Y4HTjpWPQ2ICAWyeTR7itgocmvsacXeRNjZFa1Z0LYdsN1Ak03oocxohy5khs9o yfqt+VA0CgkcP9Gzo59Ckst7SSwAU9s0zx0+jtmMoEbsaZ6DqEhkomvTSW9bFrhzfB8JuSDAs+c 9mBZ/qPFuDl1jL+I1aFXnaZDfyXn5vwoY42VILY3syssdN9R33CdOsK71atqUd7NcfW6eqme8HO O4DeU6WoIK4aVcls8G0JlHEOclDSseVh4Ng6lkI9CUemio4c+adwmR/uPUXf+0oPqoLlIsZ+yWD iKz9UZ02DJkyz/4huisHk9gmlxsgetFS2aeGSSuzsEepJjwz9S4Ro9Nh3ZFsnuUHkPx1eTTur+e sFDs5mt8VYu0U/bTy6WD9dTE9Tl/imL+B/S1EVUZ43L/AqDb7vN12UPMAxH0anz5o7XDI=
X-Received: by 2002:a05:651c:20d3:b0:38a:4106:3fe2 with SMTP id 38308e7fff4ca-3923ee1f735mr10270581fa.7.1777485335648; Wed, 29 Apr 2026 10:55:35 -0700 (PDT)
Received: from mail-lf1-f52.google.com (mail-lf1-f52.google.com. [209.85.167.52]) by smtp.gmail.com with ESMTPSA id 38308e7fff4ca-3924fa7cc25sm7494631fa.22.2026.04.29.10.55.35 for <avt@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 29 Apr 2026 10:55:35 -0700 (PDT)
Received: by mail-lf1-f52.google.com with SMTP id 2adb3069b0e04-5a3d1561e38so15848e87.0 for <avt@ietf.org>; Wed, 29 Apr 2026 10:55:35 -0700 (PDT)
X-Received: by 2002:a05:6512:238d:b0:5a2:b0ba:7187 with SMTP id 2adb3069b0e04-5a749d296c4mr1704631e87.40.1777485334896; Wed, 29 Apr 2026 10:55:34 -0700 (PDT)
MIME-Version: 1.0
References: <CADxkKiLYgvD55xnBQCXMVqrzSepkA5VjLshAheCXtg7+G9BHpg@mail.gmail.com> <CAD5OKxuc-eadFOG8GgqXa9QyJ6THeoRhR2G=q9vRi0_UEjqmJA@mail.gmail.com> <CAD5OKxtNVHPgWnJhsgjf8n0ZUdE0be2QVaAyGe0Q_8vOiXpKTA@mail.gmail.com> <CADxkKi+fW0Z209FWzqFE+WyHE6s+TR4tKgbpingJyUeCyR1SPg@mail.gmail.com>
In-Reply-To: <CADxkKi+fW0Z209FWzqFE+WyHE6s+TR4tKgbpingJyUeCyR1SPg@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Wed, 29 Apr 2026 13:55:21 -0400
X-Gmail-Original-Message-ID: <CAD5OKxuc8GPqaKZrQdnFeRb7vf=kqRZ5Zn9r4RkRHto-BOYYCg@mail.gmail.com>
X-Gm-Features: AVHnY4ILkQav4qGlsRjNrK6CtjZwiP54E2wc_Xt0MLhLuM-Ym381rwUAsgnSKMA
Message-ID: <CAD5OKxuc8GPqaKZrQdnFeRb7vf=kqRZ5Zn9r4RkRHto-BOYYCg@mail.gmail.com>
To: Philipp Hancke <philipp.hancke@googlemail.com>
Content-Type: multipart/alternative; boundary="000000000000faea0506509d0d5d"
Message-ID-Hash: XVNGJNALX7JFBDWLETH4BNHWG2L7KK6T
X-Message-ID-Hash: XVNGJNALX7JFBDWLETH4BNHWG2L7KK6T
X-MailFrom: roman@telurix.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-avt.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF AVTCore WG <avt@ietf.org>, tsvwg@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [AVTCORE] Re: STUN SHA-256 usage in WebRTC (ICE and TURN)
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/DeKjvTu3OB-6jxxeoThDyEsN1Rk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Owner: <mailto:avt-owner@ietf.org>
List-Post: <mailto:avt@ietf.org>
List-Subscribe: <mailto:avt-join@ietf.org>
List-Unsubscribe: <mailto:avt-leave@ietf.org>

On Wed, Apr 29, 2026 at 1:23 PM Philipp Hancke <
philipp.hancke@googlemail.com> wrote:

> Am Mi., 29. Apr. 2026 um 18:32 Uhr schrieb Roman Shpount <
> roman@telurix.com>:
>
>> On Wed, Apr 29, 2026 at 12:20 PM Roman Shpount <roman@telurix.com> wrote:
>>
>>> It looks like the details of the MESSAGE-INTEGRITY-SHA256 implementation
>>> were fully considered. What is described in RFC 8489 is counterproductive.
>>> If MESSAGE-INTEGRITY-SHA256 is comprehension-required, including
>>> MESSAGE-INTEGRITY also makes STUN messages less secure. It should have been
>>> in the comprehension-optional range.
>>>
>>> You should also consider the increase in STUN message size. Adding
>>> optional MESSAGE-INTEGRITY-SHA256 will result in an extra 32 bytes in each
>>> STUN request.
>>>
>>
>> I meant to say the details of the MESSAGE-INTEGRITY-SHA256 implementation
>> were NOT fully considered.
>>
>
> Heh! I assume the RFC is not fixable as an error but requires an update?
>
> The downgrade attack argument is good (applies to most hash agility plans
> I have seen though?) but if we need an ice-option or url parameter anyway
> it goes away.
> This reduces the concern about increasing overhead on initial messages
> requests would have to include both variants (4+20 plus 4 + 32) so we are
> only increasing packet size by 12 bytes?
>
> Thanks Roman for helping me think!
>

I think we can write a new RFC that defines an ice-option
for MESSAGE-INTEGRITY-SHA256. This will define a new STUN usage and will
allow us to define when MESSAGE-INTEGRITY-SHA256 is used instead of
MESSAGE-INTEGRITY without changing RFC 8489.

We will also need an RFC 7065 update to define a new TURN URL parameter to
enable SHA256.
_____________
Roman Shpount

v2.46.0 | Report a Bug | By Email | System Status