IETF Logo Mail Archive

Re: [MMUSIC] 4572 update: forbid weak hashes?

Paul Kyzivat <pkyzivat@alum.mit.edu> Fri, 08 April 2016 20:06 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF5CD12D631 for <mmusic@ietfa.amsl.com>; Fri, 8 Apr 2016 13:06:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zAiiUyUAlvYQ for <mmusic@ietfa.amsl.com>; Fri, 8 Apr 2016 13:06:04 -0700 (PDT)
Received: from resqmta-ch2-01v.sys.comcast.net (resqmta-ch2-01v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFDB612D625 for <mmusic@ietf.org>; Fri, 8 Apr 2016 13:06:04 -0700 (PDT)
Received: from resomta-ch2-12v.sys.comcast.net ([69.252.207.108]) by comcast with SMTP id ocfIafunAVEtuocfMaracV; Fri, 08 Apr 2016 20:06:04 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1460145964; bh=uuBWXno4ocEakHM3XJHdSH7hddwl9ekJ/b4aNQy1iRs=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=k4y2uWfBOBEAjt+EmlW4MloaW7QRx4eYhzLhUU5BM5SBKofymOtOkCTGaG0uta29R h2SWxPut6FiCYGeMkZqb4RucuJLLKQGNMuBLWutQjWgiR52r7DsvGYu09BEroPGzze kvQXFA1GVPTScHXlRG1Kh6dFTjElsUfYfFMnDSfL2bR7y7StFNkBdX+XMB8mCRmuCw ZCCYfWK6unn9i5W6szXb+ihL5xUl73o7aJgywSQ3/u2kIWzgUmUchqFtfZHBs1gTQA Ccqi+BOYMl4fB2WZpXUXxxir1ggadTrjQdKk26ifJl2z+Rpc0SRzxQgfEg8pgGWxdD JoM/0EDpyoJDg==
Received: from Paul-Kyzivats-MacBook-Pro.local ([73.218.51.154]) by resomta-ch2-12v.sys.comcast.net with comcast id fw631s00B3KdFy101w63eK; Fri, 08 Apr 2016 20:06:04 +0000
To: Roman Shpount <roman@telurix.com>
References: <4D60EE45-BECA-4A46-98EF-FF4AA482B42E@vidyo.com> <7594FB04B1934943A5C02806D1A2204B37F27B70@ESESSMB209.ericsson.se> <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F27D6E@ESESSMB209.ericsson.se> <CAD5OKxtb4Ss8BzeBDMUs7V7Yfx3YC0U53JmhZLen1C2+FkyGog@mail.gmail.com> <4F76BA3A-A69A-473E-97DA-287E6E571324@iii.ca> <5707C985.5060809@alum.mit.edu> <CAD5OKxv57rSx1wok=d04k1gVaDz0188ijhc97XwZepdX2u9tVA@mail.gmail.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <57080F29.5060402@alum.mit.edu>
Date: Fri, 08 Apr 2016 16:06:01 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.7.1
MIME-Version: 1.0
In-Reply-To: <CAD5OKxv57rSx1wok=d04k1gVaDz0188ijhc97XwZepdX2u9tVA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/Dj_Pd2KNlRJEpJqHHUyOOwJYkZs>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Apr 2016 20:06:05 -0000

On 4/8/16 3:14 PM, Roman Shpount wrote:
> I just wanted to re-iterate the question. We have two options:
>
> 1. If m= line has multiple fingerprints with hash functions X, Y, Z, at
> least one fingerprint with each function must match DTLS association for
> the media to be accepted. For example, if m= line has two fingerprints
> with hash function SHA-1, and two with SHA-512, DTLS association
> certificate must match at least one SHA-1 and one SHA-512 fingerprint.
>
> 2. If m= line has multiple fingerprints with hash functions X, Y, Z, at
> least one fingerprint with any hash function which is considered secure
> enough must match DTLS association for the media to be accepted. For
> example, if m= line has two fingerprints with hash function SHA-1, and
> two with SHA-512, DTLS association certificate must match one of either
> SHA-1 or SHA-512 fingerprints.
>
> Option 1 has a benefit of being more secure since it provides the
> combined secure of individual hash functions. It does put additional
> restrictions how equipment can be combined into producing a single m=
> line. For instance if fingerprints from two servers are combined into a
> single m= line and it is not known in advance which one will be used,
> both servers will need to always support the same hash functions and be
> updated at the same time.
>
> Option 2 is less secure since it is only as secure as the least secure
> hash. On the other hand option 2 allows to be more flexible in how
> equipment is combined to form the single m= line. Two servers in above
> example, for instance, can support different hash functions.
>
> I would ask the group to state their preferences.
>
> I prefer option 2 but can live with option 1.

I don't have a preference. But I will observe that a problem here arises 
because fingerprints for multiple DTLS associations don't identify which 
association they are intended for. Obviously the source of the 
fingerprints has this information. Discarding that info is complicating 
the algorithm.

	Thanks,
	Paul

v2.23.0 | Report a Bug | By Email