Re: [MMUSIC] Request for draft adoption: draft-holmberg-mmusic-4572-update
Roman Shpount <roman@telurix.com> Mon, 21 March 2016 14:55 UTC
Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B67C212D689 for <mmusic@ietfa.amsl.com>; Mon, 21 Mar 2016 07:55:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3m1hZktdbmUB for <mmusic@ietfa.amsl.com>; Mon, 21 Mar 2016 07:55:50 -0700 (PDT)
Received: from mail-ig0-x232.google.com (mail-ig0-x232.google.com [IPv6:2607:f8b0:4001:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DA8B12D6AC for <mmusic@ietf.org>; Mon, 21 Mar 2016 07:55:48 -0700 (PDT)
Received: by mail-ig0-x232.google.com with SMTP id av4so85677096igc.1 for <mmusic@ietf.org>; Mon, 21 Mar 2016 07:55:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=71NscdAUr1mq//NpMGdFXzW5VX88ftpZYSNbOkR+lkQ=; b=Uc4XIvBTMKfr99iM1nu8QMAdUF//dkOzNY4xoNhIRIPYRM4KlKlPEpoPW3bNsONUt8 /KwV9VryDp/CDfvTPQ9l9cvYy0AKjOw+5Ntg9GqQMnKpyNRGM9YWsySKZCzeyaE14AQ+ lyDlPgcSKxX/MD/2G6j9hCxh3NcsdX1t3ajh5Cu2ALqtJNhrkJfJKKOOcSUdXkU4i8Sz 6uixGmR1d2TqJGgALDVSe4NqBypbu4Fd8vs0QGYuK7hcDWMaVCvRLNpLS7xbGMgWMfCm 0LOa0H3v/udH0dyju9ZbM8rkJWrtFtHtp57LbCcdMa3RIE7c8J8twSNFM5gZa6umWrXG vlfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=71NscdAUr1mq//NpMGdFXzW5VX88ftpZYSNbOkR+lkQ=; b=CTjGywInidb2nd26jB4/qW3hg2QA0riB+ZQUtn2ooRwMkUoeuuu24RL3bU3LGc6yEG B7yCt2fT86eF9zdSfQf6efOfLJVDGH3mXj+BgyoSeis4H3P97AWDKg8FbNlp6GcKJlHS fzxftrvYc5SMSEV+fVPEvCsjBvcLHWlg46tZiK6dPorZC8/ziNBr1NlMLRPv/kdFa2Nk oL0fRztUbqdkiQ+ogWFlzGsDqWuTzIs8bfT3VPYEN4gf3iROUqETWhjif5S0K5Nnq7BI Xc6RJFDU8JKqo61k0POzK6IVaHeA+rhYx1kWpYslV7JfC//QUmhp+f1iiUVMObk0c72j XA7A==
X-Gm-Message-State: AD7BkJIB0hf39NCq7oaf+PQNO6cK6zJ+XTrnUus4eDS235srjnXLGSMguRECR0prvU3A8Q==
X-Received: by 10.50.50.177 with SMTP id d17mr13414196igo.32.1458572147673; Mon, 21 Mar 2016 07:55:47 -0700 (PDT)
Received: from mail-io0-f174.google.com (mail-io0-f174.google.com. [209.85.223.174]) by smtp.gmail.com with ESMTPSA id x9sm5461995igg.17.2016.03.21.07.55.46 for <mmusic@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Mon, 21 Mar 2016 07:55:46 -0700 (PDT)
Received: by mail-io0-f174.google.com with SMTP id m184so212040144iof.1 for <mmusic@ietf.org>; Mon, 21 Mar 2016 07:55:46 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.107.12.207 with SMTP id 76mr30198517iom.70.1458572145601; Mon, 21 Mar 2016 07:55:45 -0700 (PDT)
Received: by 10.36.106.194 with HTTP; Mon, 21 Mar 2016 07:55:45 -0700 (PDT)
In-Reply-To: <56F003F5.2010603@alum.mit.edu>
References: <7594FB04B1934943A5C02806D1A2204B37EA09F7@ESESSMB209.ericsson.se> <56EC2537.9040408@alum.mit.edu> <CABkgnnVs80SN+_T9BEO1aXjhi006kN89iKfo3j5FrNjAdkWXiQ@mail.gmail.com> <CAD5OKxtwpk1uUX1t74wY-qeY4eyA2er3ur29HgeqVgL7QyAmLQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37EE5DFE@ESESSMB209.ericsson.se> <CABkgnnUGNhTSF+VJpFRXapNtO1MwjbM1N0ePjYap8eGiMvN3uw@mail.gmail.com> <6F9ECA9D-2F06-464C-BB17-64CDACFF85B9@vidyo.com> <CABkgnnUwD8ropdSoUfCiod2XNGP+eQAjhr+4b9LHvVFBMq4A3Q@mail.gmail.com> <D31576CB.5FCC%christer.holmberg@ericsson.com> <CABkgnnU7QjkAHq2GEZ1L3NFzajTefnoghGAQGuJbE_YvxVp7zA@mail.gmail.com> <D31583F8.5FFB%christer.holmberg@ericsson.com> <19D44ABF-C455-4021-9E35-AB929FDBE392@vidyo.com> <CABkgnnUGFNwKdMAKXVLvB63Z3DOvGK01Pwfo2norv-sos_ix_g@mail.gmail.com> <D3158FEB.6024%christer.holmberg@ericsson.com> <CAD5OKxtc3u1TPon=bkFXY1O0t+JPSRwO4d7YZBwtqh8Dp=A5wA@mail.gmail.com> <CABkgnnX9Fm933wuDb28t8GtomFA4YHdwf5MUpG_uYHbrtSD9Ew@mail.gmail.com> <56F003F5.2010603@alum.mit.edu>
Date: Mon, 21 Mar 2016 10:55:45 -0400
X-Gmail-Original-Message-ID: <CAD5OKxspL+utrt01iA34Sf7m9W4ibcQNneecGAHL8FFVr88Uqw@mail.gmail.com>
Message-ID: <CAD5OKxspL+utrt01iA34Sf7m9W4ibcQNneecGAHL8FFVr88Uqw@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Content-Type: multipart/alternative; boundary="001a113eca069e509a052e904a25"
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/FjDw03sslheZFc_ebDTFT9dn7sk>
Cc: Jonathan Lennox <jonathan@vidyo.com>, "mmusic@ietf.org" <mmusic@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [MMUSIC] Request for draft adoption: draft-holmberg-mmusic-4572-update
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2016 14:55:51 -0000
Let me try to explain the issue: When DTLS association is established you get the remote public key. You might also get the remote public key signature as a part for DTLS establishment, but this is only useful if this signature is generated by trusted well known third party (certificate authority) and signed by its certificate. Since for DTLS mostly self signed certificates are used, this signature is completely irrelevant. Once this public key is received, the receiving end point can generate a hash signature (fingerprint) of this key. Fingerprint has nothing to do with certificate signature. Fingerprint is completely independently generated by the receiving end point, and it is not signed by any certificate. The procedure to generate such fingerprint is different from certificate signatures and its value is completely unrelated. When validating a received public key, end point validates it against the list of fingerprints provided in the SDP. End point generates a fingerprint based on the hash algorithm specified in SDP fingerprint attribute and compares the generated value with the value in the SDP. If values are the same, the end point assume that fingerprint matches and this public key can be trusted. If none of the fingerprint match, then this connection is established by the untrusted remote and must be torn down. The reason to use multiple fingerprints with different hash algorithms for the same certificate is hash function agility. Imaging it is discovered that SHA-256 is insufficiently secure and SHA-512 should be used instead. It is physically impossible to update all communicating end points in the network at the same time without shutting down the whole network. In order to perform a gradual, rolling upgrade, end points are updated to include both SHA-512 and SHA-256 fingerprints in SDP descriptions. Older end-points will still accept keys used for connections based on older SHA-256 fingerprints. Newer end points will accept keys used for connections based on either SHA-256 or SHA-512 fingerprints. Once all end points in the network are updated to support SHA-512 fingerprints, another rolling update is started to remove support for SHA-256 fingerprints. After this update completes only newer, SHA-512 based fingerprints will be used in the network. Regards, _____________ Roman Shpount On Mon, Mar 21, 2016 at 10:23 AM, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote: > On 3/21/16 6:37 AM, Martin Thomson wrote: > >> On 21 March 2016 at 20:55, Roman Shpount <roman@telurix.com> wrote: >> >>> >>> We should remove this requirement completely. >>> >> >> Yes. For a=fingerprint, the hash used in the certificate is >> completely irrelevant. More so, it could be a bad choice. >> >> > I am still struggling to precisely understand the threat you are trying to > address with this change, and then how the change is expected to work. > > Clearly both ends must understand the hash used in the certificate. The > original requirement that the fingerprint use the same hash was intended so > that no *additional* hashes had to be *mutually* understood by both ends. > > IIUC you are concerned because someone might want to use a cert with a > weak hash, but want to have a stronger hash for the fingerprint. > > But that introduces something else that both ends have to mutually agree > to. If both ends can be assumed to support a stronger hash for the > fingerprint, why not for the cert too? > > Allowing multiple fingerprints, using different hashes, for the same cert > implies that there isn't an assumption of complete mutual agreement. But > then presumably with multiple fingerprints, some will be stronger than > others. Doesn't that introduce the possibility of a downgrade attack? > > BTW, I notice this discussion doesn't include the entire mailing list. > Given how it is evolving, ISTM this would benefit from discussion by the wg. > > Thanks, > Paul >
- Re: [MMUSIC] Request for draft adoption: draft-ho… Roman Shpount
- Re: [MMUSIC] Request for draft adoption: draft-ho… Paul Kyzivat
- Re: [MMUSIC] Request for draft adoption: draft-ho… Roman Shpount