IETF Logo Mail Archive

Re: [MMUSIC] 4572 update: forbid weak hashes?

Paul Kyzivat <pkyzivat@alum.mit.edu> Thu, 07 April 2016 15:29 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E84512D0FD for <mmusic@ietfa.amsl.com>; Thu, 7 Apr 2016 08:29:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t5Ajggru-bVu for <mmusic@ietfa.amsl.com>; Thu, 7 Apr 2016 08:28:59 -0700 (PDT)
Received: from resqmta-ch2-04v.sys.comcast.net (resqmta-ch2-04v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FC3612D5C8 for <mmusic@ietf.org>; Thu, 7 Apr 2016 08:21:36 -0700 (PDT)
Received: from resomta-ch2-18v.sys.comcast.net ([69.252.207.114]) by comcast with SMTP id oBhRaP37GnIc7oBkVaNNww; Thu, 07 Apr 2016 15:21:35 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1460042495; bh=cauR6ceFtPXUgAGkjoaTKJzDIZuHx1rt6ELN3vJdrl4=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=QXNeiNZo+VKQ8LQcc1QXnEkzK2wlkJkYtmmjv2ET3eO8D2qmiWfdTQAIllWbNba3X RMgWNba47EJpZcp5sSSK0u6kBI5D1brYYreFeDLlwOydoPqA3DeGQVP445ckxfg5P9 WHaT9LjkRavvU9naj20qTzQSRO6eUI84AI84oSTCeUyOhi7BSpRdr7mhO3wRxPZZXu 4ItU7r0BgpslsgMHexMjB8a7NHO+26Yx5YdGR4ZC0YaR9AFsMtFafU+BlXqsqNDsA9 VZylhAKnlNKb7O5yCJWIjYdUNl/yjM72UCn6Ta2Jr7bJ++RxUA66LsY72Rnhz1dX5m Bp2br3CZVCC/g==
Received: from Paul-Kyzivats-MacBook-Pro.local ([73.218.51.154]) by resomta-ch2-18v.sys.comcast.net with comcast id fTMb1s0043KdFy101TMbWi; Thu, 07 Apr 2016 15:21:35 +0000
To: mmusic@ietf.org
References: <4D60EE45-BECA-4A46-98EF-FF4AA482B42E@vidyo.com> <7594FB04B1934943A5C02806D1A2204B37F27B70@ESESSMB209.ericsson.se> <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <57067AFE.9070704@alum.mit.edu>
Date: Thu, 07 Apr 2016 11:21:34 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.7.1
MIME-Version: 1.0
In-Reply-To: <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/0dDru3gUg3GMlN-CcDWjmsLd1d8>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 15:29:05 -0000

On 4/7/16 10:06 AM, Martin Thomson wrote:
> On 7 April 2016 at 10:35, Christer Holmberg
> <christer.holmberg@ericsson.com> wrote:
>>> If we do this, it removes some of the questions about “do you need to verify a fingerprint for every >hash algorithm, or only one.”
>>
>> What about saying that one MUST match on the strongest hash received?
>
> Maybe three pieces of advice are right.
>
> 1. Implement the strongest hash you can
> 2. Check all the hashes you can

If you check the strongest hash you can and it succeeds, then what is 
the point of checking any others? The one check should be sufficient if 
there is only one stream. It is a bit more complex if there are multiple 
streams (e.g., RTP and RTCP).

How about:

1) implement as many as you can of hashes you consider strong enough.

2) for all the streams you are originating:
    include fingerprints using all the hashes you support.
    (Or is it ok to include fewer?)

3) for streams you are receiving:

3.1) discard any fingerprints using hashes you don't support,
      and any that you consider too weak to be trusted.

3.2) sort the remaining fingerprints, strongest hashes first.

3.3) for each stream, check fingerprints from the list in order
      until you find one that matches.
      Reject the session if none match.

	Thanks,
	Paul

> 3. Don't accept a session if you can only check weak hashes
>
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org
> https://www.ietf.org/mailman/listinfo/mmusic
>

v2.23.0 | Report a Bug | By Email