IETF Logo Mail Archive

Re: [MMUSIC] 4572 update: forbid weak hashes?

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 25 April 2016 18:37 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE67612D683 for <mmusic@ietfa.amsl.com>; Mon, 25 Apr 2016 11:37:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JvAKMFq7-Fsm for <mmusic@ietfa.amsl.com>; Mon, 25 Apr 2016 11:37:46 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 049A612D66E for <mmusic@ietf.org>; Mon, 25 Apr 2016 11:37:16 -0700 (PDT)
X-AuditID: c1b4fb2d-f79936d0000030e4-9f-571e63da77c5
Received: from ESESSHC022.ericsson.se (Unknown_Domain [153.88.183.84]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id FD.9A.12516.AD36E175; Mon, 25 Apr 2016 20:37:15 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.117]) by ESESSHC022.ericsson.se ([153.88.183.84]) with mapi id 14.03.0248.002; Mon, 25 Apr 2016 20:37:14 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Roman Shpount <roman@telurix.com>
Thread-Topic: [MMUSIC] 4572 update: forbid weak hashes?
Thread-Index: AQHRkMlvyALEPXgXDkKRhXLaT8/AmJ9+gkOg///n5gCAACIUsP//4eqAgAB6NgCAASWpgIAARJyAgBqMZgD//+CxgAAMKyYw
Date: Mon, 25 Apr 2016 18:37:13 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B37F7CD82@ESESSMB209.ericsson.se>
References: <4D60EE45-BECA-4A46-98EF-FF4AA482B42E@vidyo.com> <7594FB04B1934943A5C02806D1A2204B37F27B70@ESESSMB209.ericsson.se> <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F27D6E@ESESSMB209.ericsson.se> <CAD5OKxtb4Ss8BzeBDMUs7V7Yfx3YC0U53JmhZLen1C2+FkyGog@mail.gmail.com> <4F76BA3A-A69A-473E-97DA-287E6E571324@iii.ca> <5707C985.5060809@alum.mit.edu> <CAD5OKxv57rSx1wok=d04k1gVaDz0188ijhc97XwZepdX2u9tVA@mail.gmail.com> <D343F764.77D5%christer.holmberg@ericsson.com> <CAD5OKxtMVNTSnyACRmA6NUEtAam0Xc=-cRD_2BCQjfH6Kekhjw@mail.gmail.com>
In-Reply-To: <CAD5OKxtMVNTSnyACRmA6NUEtAam0Xc=-cRD_2BCQjfH6Kekhjw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.150]
Content-Type: multipart/alternative; boundary="_000_7594FB04B1934943A5C02806D1A2204B37F7CD82ESESSMB209erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBIsWRmVeSWpSXmKPExsUyM2J7iO7tZLlwg4YOFoupyx+zWKzYcIDV YsaFqcwOzB5/339g8liy5CeTx60pBQHMUVw2Kak5mWWpRfp2CVwZb37uZy9Yc4exYttMywbG I9cYuxg5OCQETCS+Tk3uYuQEMsUkLtxbz9bFyMUhJHCEUWJ762koZwmjxMx725lBGtgELCS6 /2mDNIgIqEr8/T6ZCcRmFvCVeLngC1iJsICZxLXjsRAl5hI/GxpZIOw8ic8dqxhBbBag1q7j a9lBbF6g1l27tjBCrHrMIrF09VawBKdAoMSkQ7fAbEag476fWgO1S1zi1pP5TBBHC0gs2XOe GcIWlXj5+B8rhK0ksWL7JUaI+nyJhsefWSGWCUqcnPmEZQKj6Cwko2YhKZuFpGwW0DvMApoS 63fpQ5QoSkzpfsgOYWtItM6Zy44svoCRfRWjaHFqcXFuupGxXmpRZnJxcX6eXl5qySZGYPwd 3PJbdwfj6teOhxgFOBiVeHgXcMqGC7EmlhVX5h5ilOBgVhLhXREnFy7Em5JYWZValB9fVJqT WnyIUZqDRUmcNyfyX5iQQHpiSWp2ampBahFMlomDU6qB0Xp/yCK3HbKr1238rs+y80S4/daF mUfkZuewz0j0X/bnC4OnscL5xPgNmmd/NehPZO4+9su057Y+3y7Gi7tsf6dG7o6SZ4+LX74q 913T12mhRafffbsYJOb3QKAl5Fm+4vtFk0PuPEperb4p69Pi9YEcNu/3O27vvmf/YV2V9mYx MenCHTOf2CixFGckGmoxFxUnAgDOhs66uwIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/8--Ny5kuLodjV8W5IVyWgddXBbU>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Apr 2016 18:37:57 -0000

Hi,

>There is no indication what fingerprint applies to what certificate in SDP fingerprint attribute. >The rule should be if connection is established a certificate which matches at least one hash >that you consider secure, the connection should be accepted. If you would make it more >complicated, this will likely break backwards interop or would require changes to >fingerprint/DTLS/certificates.

I don’t want to make things complicated – I want to agree on something, update the draft based on that, and go WGLC :)

Regards,

Christer




On Mon, Apr 25, 2016 at 9:38 AM, Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote:
Hi,

I think option 1) does not support hash agility – which is one of the main reason from sending multiple fingerprints to begin with – as it assumes that the sender and receiver will support the same hash functions.

Option 2) seems to be what Cullen also suggested: as long as there is at least one fingerprint (calculated using a has function which the receiver considers secure enough) that matches the DTLS association. So, in general I support option 2).

However, we need to keep in mind that there may be fingerprints sent for multiple certificates. Do we need to mandate at least one match per cerfificate?

Regards,

Christer



From: mmusic <mmusic-bounces@ietf.org<mailto:mmusic-bounces@ietf.org>> on behalf of Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>>
Date: Friday 8 April 2016 at 22:14
To: "pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu>" <pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu>>
Cc: "mmusic@ietf.org<mailto:mmusic@ietf.org>" <mmusic@ietf.org<mailto:mmusic@ietf.org>>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?

I just wanted to re-iterate the question. We have two options:

1. If m= line has multiple fingerprints with hash functions X, Y, Z, at least one fingerprint with each function must match DTLS association for the media to be accepted. For example, if m= line has two fingerprints with hash function SHA-1, and two with SHA-512, DTLS association certificate must match at least one SHA-1 and one SHA-512 fingerprint.

2. If m= line has multiple fingerprints with hash functions X, Y, Z, at least one fingerprint with any hash function which is considered secure enough must match DTLS association for the media to be accepted. For example, if m= line has two fingerprints with hash function SHA-1, and two with SHA-512, DTLS association certificate must match one of either SHA-1 or SHA-512 fingerprints.

Option 1 has a benefit of being more secure since it provides the combined secure of individual hash functions. It does put additional restrictions how equipment can be combined into producing a single m= line. For instance if fingerprints from two servers are combined into a single m= line and it is not known in advance which one will be used, both servers will need to always support the same hash functions and be updated at the same time.

Option 2 is less secure since it is only as secure as the least secure hash. On the other hand option 2 allows to be more flexible in how equipment is combined to form the single m= line. Two servers in above example, for instance, can support different hash functions.

I would ask the group to state their preferences.

I prefer option 2 but can live with option 1.

Regards,

_____________
Roman Shpount

On Fri, Apr 8, 2016 at 11:08 AM, Paul Kyzivat <pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu>> wrote:
I don't have a horse in this race. I think those of you who do need to finish deciding what the rules are for multiple fingerprints, and then write the result into the draft update. Clearly it is ambiguous at the moment.

        Thanks,
        Paul

On 4/7/16 5:37 PM, Cullen Jennings wrote:

On Apr 7, 2016, at 11:20 AM, Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>
<mailto:roman@telurix.com<mailto:roman@telurix.com>>> wrote:

You should check all the hashes you consider secure and if any one of
them matches the DTLS association certificate, accept the media.

+1

This allows us to do things like include hash for two servers even when
you re not sure which server will actually be used.




_______________________________________________
mmusic mailing list
mmusic@ietf.org<mailto:mmusic@ietf.org>
https://www.ietf.org/mailman/listinfo/mmusic

_______________________________________________
mmusic mailing list
mmusic@ietf.org<mailto:mmusic@ietf.org>
https://www.ietf.org/mailman/listinfo/mmusic

v2.23.0 | Report a Bug | By Email