IETF Logo Mail Archive

Re: [MMUSIC] 4572 update: forbid weak hashes?

Roman Shpount <roman@telurix.com> Thu, 07 April 2016 19:09 UTC

Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F39B012D6C1 for <mmusic@ietfa.amsl.com>; Thu, 7 Apr 2016 12:09:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id al082j8dTz0G for <mmusic@ietfa.amsl.com>; Thu, 7 Apr 2016 12:09:00 -0700 (PDT)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAAE712D6BE for <mmusic@ietf.org>; Thu, 7 Apr 2016 12:08:59 -0700 (PDT)
Received: by mail-io0-x234.google.com with SMTP id 2so105615316ioy.1 for <mmusic@ietf.org>; Thu, 07 Apr 2016 12:08:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=PrAh4GaObuA371b80okJ0JDcj2rl/r41biJ6xRdTyn4=; b=ykbn32G6z0X+A3ygweJTfwkTKiZcbP+mIV4WPBywlTwNR/kFRt2ZphLOp0fr50DK1m XP42Oj4OR10tMnkqL/nc9bd7yXXl3F7kgmdH5jqjbfpbAeulpCxfH4y/8QRFzFiBiqS5 Da6Nqd5maJj+WwM3w4YtWgfqKkUOOC0IU6VU5TOlN4EXMRI0oCjjlnjTQl4JugB8Vh92 K9c1TNQWabsvAekBF97JRUVxNXo+MfO+8mTgzoXRgKQu1yPiAtsDGcgsKqdzu+9YCTxR 3S22Zgi33pEzbzh+aJb8dxj4eKBlkmyHQWGSVd6osSjYht5dVBg3GP0WHt2Oyg/zjWmo dpSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=PrAh4GaObuA371b80okJ0JDcj2rl/r41biJ6xRdTyn4=; b=M1WfiIPIp53RFljZTQHV/ZDvlhKlrIivAfkbPSFVeYgUvAhjAB+Zu7yvzEiIfJi5hy suger4OuuQiRTiftkaDy3ZXfF18t/fY4fuLwNdjdtngpEg/OQ74JAe75uH2JHyL5qu6b MZiylTIa3K0abR8aL9MHcTAEgbDBY0iBRgV8MRHIwHuz7KGCMxthMmWF1/FygayYXG2I GSTXFaWdmR2iCSFeIMb3WSQvpQx3iswNroua86Z7PPoq8V5Gnaw2XdGkPwXKgVZ7i6GE BeW8YtY6iMBbaC/Avkbbp0hxpMRHS8C6Cl4q87B5n6BbPVbcpQ+Q1i1PYrfRD758F7Pl S1kg==
X-Gm-Message-State: AD7BkJIhmSWm7oSYO8sl4Y96DGuIT8QbyNy0QwaXPfFIZPuAPvOF7QF70vE2Is3bi0bU8A==
X-Received: by 10.107.164.205 with SMTP id d74mr5239979ioj.80.1460056138944; Thu, 07 Apr 2016 12:08:58 -0700 (PDT)
Received: from mail-io0-f182.google.com (mail-io0-f182.google.com. [209.85.223.182]) by smtp.gmail.com with ESMTPSA id h184sm4312211ioh.2.2016.04.07.12.08.58 for <mmusic@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Thu, 07 Apr 2016 12:08:58 -0700 (PDT)
Received: by mail-io0-f182.google.com with SMTP id o126so83247893iod.0 for <mmusic@ietf.org>; Thu, 07 Apr 2016 12:08:58 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.107.30.71 with SMTP id e68mr5202924ioe.145.1460056137976; Thu, 07 Apr 2016 12:08:57 -0700 (PDT)
Received: by 10.36.106.194 with HTTP; Thu, 7 Apr 2016 12:08:57 -0700 (PDT)
In-Reply-To: <57067AFE.9070704@alum.mit.edu>
References: <4D60EE45-BECA-4A46-98EF-FF4AA482B42E@vidyo.com> <7594FB04B1934943A5C02806D1A2204B37F27B70@ESESSMB209.ericsson.se> <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com> <57067AFE.9070704@alum.mit.edu>
Date: Thu, 07 Apr 2016 15:08:57 -0400
X-Gmail-Original-Message-ID: <CAD5OKxtX9HLWJJgKsG7hNJbRB1muS+fe8Pnnm=g4+=ryPyMN+A@mail.gmail.com>
Message-ID: <CAD5OKxtX9HLWJJgKsG7hNJbRB1muS+fe8Pnnm=g4+=ryPyMN+A@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Content-Type: multipart/alternative; boundary="001a1140d71e74f510052fe9cfe1"
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/IyOCFYtq2Yc9pMkZl9X-Txpduu8>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 19:09:03 -0000

On Thu, Apr 7, 2016 at 11:21 AM, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:

> If you check the strongest hash you can and it succeeds, then what is the
> point of checking any others?


If you check any hash that you consider secure and it succeeds, you do not
need to check any others. There is no difference if it is the strongest or
just the hash that is strong enough.


> The one check should be sufficient if there is only one stream. It is a
> bit more complex if there are multiple streams (e.g., RTP and RTCP).
>
> How about:
>
> 1) implement as many as you can of hashes you consider strong enough.
>
> 2) for all the streams you are originating:
>    include fingerprints using all the hashes you support.
>    (Or is it ok to include fewer?)
>

It might be ok to include fewer but I cannot think of a single reason why
you would do this.

3) for streams you are receiving:
>
> 3.1) discard any fingerprints using hashes you don't support,
>      and any that you consider too weak to be trusted.
>
> 3.2) sort the remaining fingerprints, strongest hashes first.
>

There is no reason to sort. This will not make hash check any more secure.
If a hash you consider secure is compromised you will just get false
positive slightly later. There is probably a reason to sort hashes based on
the amount of resources it will take for you to check them, with easiest to
check first  in order to optimize the hash checking process. This will
likely sort the hashes weakest first.

3.3) for each stream, check fingerprints from the list in order
>      until you find one that matches.
>      Reject the session if none match.
>

Once again, if any match accept the session. If none match, reject.
Checking order does not matter and will not affect overall security.

Regards,
_____________
Roman Shpount

v2.23.0 | Report a Bug | By Email