Re: [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp regarding preferred SHA cipher?
Roman Shpount <roman@telurix.com> Thu, 25 February 2016 19:27 UTC
Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22F891B32AE for <mmusic@ietfa.amsl.com>; Thu, 25 Feb 2016 11:27:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VfGFoUGyHR7O for <mmusic@ietfa.amsl.com>; Thu, 25 Feb 2016 11:27:45 -0800 (PST)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6D5F1B32B1 for <mmusic@ietf.org>; Thu, 25 Feb 2016 11:27:45 -0800 (PST)
Received: by mail-io0-x234.google.com with SMTP id 9so94026218iom.1 for <mmusic@ietf.org>; Thu, 25 Feb 2016 11:27:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=fjUbgl392KBM2SBaMD4YjR2l3s8C8CnzsWR4ZkQITjI=; b=ddRD+77O2MMib1AqX8UzBADGC9OOeLp8oHVMg+IYpn9vxhP8MDxXTmzsMSaGGVZ48y qQhrExocHQyjgsRuTEBKmrtxbZKPmLTy53rzVwLTOzHaD/i8z4BdfUT5e9799zTWZ8L5 /gQQ6j8QG053zsq5l6CmelNYMisZz1L2PDGiv+ggGs/9o10gIAnC3Coun1z9dYtF89N3 9b9ttic/DXjzmRb83MFxL8g1Sahawz23ARWICO6d6t2Sjn91sI7Ipv1vyVIrUpNwD3WP A2rLXJouj6gT3CFH+Cwe1fuIov95PTTkQ/XPs8FYM95Az6jQ03YEThmHGf0ijZPr4VNN OsmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=fjUbgl392KBM2SBaMD4YjR2l3s8C8CnzsWR4ZkQITjI=; b=hXGeq+6HNwUTVvw3LVL6HGYdisFZnqkvmpztHmQeki/CGe5pE85XvtU5lIt7tWmdVH i/kRsuBFM6Hl0vewBhV2S0J7pGbggHPBryQMW19RTrMC3d2G0qkecwtnG8ZEtkE+5rxG p4NTnn7Y2KApD+S/Z2my3vsIE9CZuEw1awrR/DxgQZEWpaphV8H5QEV8t0LefeWDxeBg lfh4uMhbNSPZiD9+D3m503Cbx/U+hvP2EBiKQilycbxacyTjNx0fbEFd7YB7o8O4gp2k G7TWDne98RZ59+OT9M8Cr2E0C+QmnRk8+gf9iE1Lar6fdgV5YIMR6DlqdbcoUhKkKJli GeCw==
X-Gm-Message-State: AG10YOQKEr96zg8I1PXNTm3sxXzzrpoxsgfsK1L9V043jWGyLMJq4EppTwHVeecu7R+c0g==
X-Received: by 10.107.170.79 with SMTP id t76mr5593910ioe.71.1456428465084; Thu, 25 Feb 2016 11:27:45 -0800 (PST)
Received: from mail-io0-f180.google.com (mail-io0-f180.google.com. [209.85.223.180]) by smtp.gmail.com with ESMTPSA id p8sm1831828iga.10.2016.02.25.11.27.43 for <mmusic@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Thu, 25 Feb 2016 11:27:43 -0800 (PST)
Received: by mail-io0-f180.google.com with SMTP id g203so99170165iof.2 for <mmusic@ietf.org>; Thu, 25 Feb 2016 11:27:43 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.107.157.70 with SMTP id g67mr4246404ioe.38.1456428463064; Thu, 25 Feb 2016 11:27:43 -0800 (PST)
Received: by 10.36.105.77 with HTTP; Thu, 25 Feb 2016 11:27:43 -0800 (PST)
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B37E411AC@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B37E411AC@ESESSMB209.ericsson.se>
Date: Thu, 25 Feb 2016 14:27:43 -0500
X-Gmail-Original-Message-ID: <CAD5OKxsi_i7xmK1rsEuSNBXi=wa76OY9M_r5+XaSnqV=T4=eWA@mail.gmail.com>
Message-ID: <CAD5OKxsi_i7xmK1rsEuSNBXi=wa76OY9M_r5+XaSnqV=T4=eWA@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Content-Type: multipart/alternative; boundary="001a1140b4722e926a052c9d2dbc"
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/9TLgURT1fB5M44E2KDCxugb6o-g>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>, "pkyzivat@alum.mit.edu" <pkyzivat@alum.mit.edu>
Subject: Re: [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp regarding preferred SHA cipher?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2016 19:27:47 -0000
On Thu, Feb 25, 2016 at 4:51 AM, Christer Holmberg < christer.holmberg@ericsson.com> wrote: > RFC 4572 (tls-sdp) contains the following text: > > > > “Following RFC 3279 [7] as updated by RFC > > 4055 [9], therefore, the defined hash functions are 'SHA-1' > [11] > > [19], 'SHA-224' [11], 'SHA-256' [11], 'SHA-384' [11], > 'SHA-512' [11], > > 'MD5' [12], and 'MD2' [13], with 'SHA-1' preferred.” > > > > Draft-dtls-sdp contains the following text: > > > > “Endpoints MUST support SHA-256 for generating and verifying the > fingerprint > > value associated with the DTLS association. The use of > SHA-256 is preferred.” > > > > I.e. for TLS SHA-1 is preferred, and for DTLS SHA-256 is preferred. > > > > Martin suggested (I assume) that we should update RFC 4572, to make > SHA-256 preferred also for TLS. > > > > Assuming we do the update, I guess the updated 4572 text would say: > > > > “Following RFC 3279 [7] as updated by RFC > > 4055 [9], therefore, the defined hash functions are 'SHA-1' > [11] > > [19], 'SHA-224' [11], 'SHA-256' [11], 'SHA-384' [11], > 'SHA-512' [11], > > 'MD5' [12], and 'MD2' [13], with 'SHA-256' preferred.” > > > > > > Q1: Do people agree to updating the preferred cipher in 4572? > > > > Q3: IF(Q1) Should the update be done within draft-dtls-sdp, or > should we create a separate draft/milestone for it? > > > I think the has function preference should be updated in 4572. I would prefer a separate draft for RFC 4572 update. There are enough issues with RFC 4572, including handling of multiple fingerprints, that justify a complete rewrite of TLS SDP negotiation procedures. If it would be decided that RFC 4572 should be updated in draft-dtls-sdp (not my preference), I would prefer to extend the draft to cover SDP for DTLS and TLS, so that it obsoletes RFC 4572 instead of patching it. Regards, _____________ Roman Shpount
- [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp reg… Christer Holmberg
- Re: [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp… Roman Shpount
- Re: [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp… Christer Holmberg
- Re: [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp… Cullen Jennings