Re: [MMUSIC] Alissa Cooper's No Objection on draft-ietf-mmusic-4572-update-12: (with COMMENT)

Christer Holmberg <christer.holmberg@ericsson.com> Wed, 01 February 2017 20:04 UTC


Hi Alissa,

Thank you for your review! See below.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

>Section 5.1 says:
>
>  "An endpoint MAY, in addition to its more preferred hash function,
>   also verify that each certificate used matches fingerprints
>   calculated using other hash functions.  Unless there is a matching
>   fingerprint for each tested hash function, the endpoint MUST NOT
>   establish the TLS connection."
>
> This seems a little weird to me. It's up to the endpoint to decide whether to check for errors, and then if it
> does find an error it can't set up the connection, whereas if it just hadn't checked it would be able to set up
> the connection. I think it would help to explain why an endpoint would be motivated to check multiple fingerprints.

I think the only use-case that came up was a situation where the receiver is not sure which hash function is the "strongest", and therefore checks multiple. However, it was also realized that with the multiple set of hash functions such a situation is very unlikely to occur.

So, I could add the following note:

"NOTE: An endpoint might choose to match each used certificate against fingerprints calculated using multiple
hash functions, e.g., if the endpoint is unsure which hash function is the strongest."

...or we could simply delete the text. I personally would go for that, but in case others want to keep it I have no problem with that.

Regards,

Christer
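As an added illustration (not part of this thread or of the draft), the quoted Section 5.1 rule expressed as a check: a peer's DER certificate is hashed with every hash function the endpoint chooses to test and compared against the `a=fingerprint` lines in the SDP, and the connection is allowed only if each tested function has a match. The certificate bytes and SDP offers are constructed; the hash-function names are those registered for `a=fingerprint`, mapped to `hashlib` names (md2 is omitted since `hashlib` lacks it).

```python
# Added example: verify a DER certificate against SDP a=fingerprint lines,
# applying "unless there is a matching fingerprint for each tested hash
# function, the endpoint MUST NOT establish the TLS connection".
import hashlib

# a=fingerprint hash-func names -> hashlib names (assumption: md2 not supported).
HASH_ALGS = {
    "sha-1": "sha1", "sha-224": "sha224", "sha-256": "sha256",
    "sha-384": "sha384", "sha-512": "sha512", "md5": "md5",
}

def fingerprint(der_cert: bytes, hash_func: str) -> str:
    """Upper-case, colon-separated fingerprint of the DER certificate bytes."""
    digest = hashlib.new(HASH_ALGS[hash_func], der_cert).digest()
    return ":".join(f"{b:02X}" for b in digest)

def parse_fingerprints(sdp: str) -> dict:
    """Collect a=fingerprint attributes as {hash_func: {fingerprint, ...}}."""
    found = {}
    for line in sdp.splitlines():
        if not line.startswith("a=fingerprint:"):
            continue
        hash_func, _, value = line[len("a=fingerprint:"):].strip().partition(" ")
        found.setdefault(hash_func.lower(), set()).add(value.strip().upper())
    return found

def may_establish(der_cert: bytes, sdp: str, tested: list) -> bool:
    """True only if every hash function in `tested` has a matching fingerprint.

    A tested function that is absent from the offer, or present only with a
    non-matching value, counts as "no matching fingerprint" and fails.
    """
    offered = parse_fingerprints(sdp)
    for hash_func in tested:
        if fingerprint(der_cert, hash_func) not in offered.get(hash_func, set()):
            return False
    return True

# Constructed stand-in for a DER-encoded certificate (not a real certificate).
CERT = b"\x30\x82\x01\x00constructed-certificate-bytes"

# Constructed offer carrying correct sha-256 and sha-1 fingerprints.
GOOD_SDP = "\n".join([
    "v=0", "m=audio 49170 TCP/TLS/RTP/SAVP 0",
    "a=fingerprint:sha-256 " + fingerprint(CERT, "sha-256"),
    "a=fingerprint:sha-1 " + fingerprint(CERT, "sha-1"),
])
# Same offer, but the sha-1 line carries a fingerprint of different bytes.
BAD_SDP = GOOD_SDP.replace(fingerprint(CERT, "sha-1"), fingerprint(CERT + b"x", "sha-1"))
```

The `BAD_SDP` case shows the asymmetry raised in the review: an endpoint that tests only sha-256 accepts the offer, while one that additionally tests sha-1 must refuse it.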