Re: [MMUSIC] 4572 update: forbid weak hashes?

Roman Shpount <roman@telurix.com> Thu, 07 April 2016 21:25 UTC

From: Roman Shpount <roman@telurix.com>
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/AQXE381tXBDu2lYiNoV-TZ3i4bY>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>

On Thu, Apr 7, 2016 at 5:13 PM, Martin Thomson <martin.thomson@gmail.com> wrote:

> On 7 April 2016 at 17:55, Roman Shpount <roman@telurix.com> wrote:
> > If I understand your proposal correctly this will cause DTLS association for
> > RTCP to be rejected since it did not match a single SHA-256 fingerprint.
> > This is definitely undesirable.
>
> Well, the entity generating the SDP is not constrained by the hashes
> that the two devices support, is it?
>

This all depends on the architecture. In the solution I had to deal with,
RTP and RTCP would generate temporary certificates and send only
fingerprints to the device which produced the final SDP.

I do agree this is esoteric.

> But, assuming that it is, then my original text did have the property
> you describe.
>

_____________
Roman Shpount
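
Added example, not part of the original message or of any draft text: a sketch of the case described above, where RTP and RTCP each use their own temporary certificate and the SDP carries both fingerprints. The two acceptance policies and all names are assumptions made for illustration, and the certificate bytes are constructed placeholders.

```python
import hashlib

# Constructed stand-ins for the DER encoding of two temporary certificates;
# only their hashes matter here, so these are not real certificates.
RTP_CERT = b"constructed-rtp-certificate"
RTCP_CERT = b"constructed-rtcp-certificate"

# Assumption: hash names this checker accepts; anything else (md5, sha-1) is ignored.
STRONG = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}


def fingerprint(func, der):
    """Hash a certificate and format it as an a=fingerprint value."""
    digest = hashlib.new(STRONG[func], der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_fingerprints(sdp):
    """Return (hash-func, value) pairs from a=fingerprint lines with strong hashes."""
    pairs = []
    for line in sdp.splitlines():
        if line.startswith("a=fingerprint:"):
            parts = line.split(":", 1)[1].split()
            if len(parts) == 2 and parts[0].lower() in STRONG:
                pairs.append((parts[0].lower(), parts[1].upper()))
    return pairs


def accept_single(sdp, der):
    """Assumed strict policy: compare against the first SHA-256 fingerprint only."""
    values = [v for f, v in parse_fingerprints(sdp) if f == "sha-256"]
    return bool(values) and values[0] == fingerprint("sha-256", der)


def accept_any(sdp, der):
    """Assumed set policy: the certificate may match any listed strong fingerprint."""
    return any(v == fingerprint(f, der) for f, v in parse_fingerprints(sdp))


# Constructed SDP: the device that builds it received only the two fingerprints.
SDP = "\r\n".join([
    "m=audio 9 UDP/TLS/RTP/SAVP 0",
    "a=fingerprint:sha-256 " + fingerprint("sha-256", RTP_CERT),
    "a=fingerprint:sha-256 " + fingerprint("sha-256", RTCP_CERT),
])

if __name__ == "__main__":
    for name, der in (("RTP", RTP_CERT), ("RTCP", RTCP_CERT)):
        print(name, "single:", accept_single(SDP, der), "any:", accept_any(SDP, der))
```

Under the single-fingerprint policy the RTCP association is refused even though its fingerprint is in the SDP; a fingerprint listed only under a hash outside STRONG is refused by both policies.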