IETF Logo Mail Archive

Re: [MMUSIC] Stephen Farrell's Discuss on draft-ietf-mmusic-4572-update-12: (with DISCUSS)

Jonathan Lennox <jonathan@vidyo.com> Tue, 31 January 2017 17:23 UTC

Return-Path: <prvs=82043b512d=jonathan@vidyo.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75287129515; Tue, 31 Jan 2017 09:23:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.998
X-Spam-Level:
X-Spam-Status: No, score=0.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_WEB=3.599, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DKHki5-PWq3b; Tue, 31 Jan 2017 09:23:18 -0800 (PST)
Received: from mx0b-00198e01.pphosted.com (mx0b-00198e01.pphosted.com [67.231.157.197]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E0D412948C; Tue, 31 Jan 2017 09:23:18 -0800 (PST)
Received: from pps.filterd (m0073110.ppops.net [127.0.0.1]) by mx0b-00198e01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v0VHJRwo020041; Tue, 31 Jan 2017 12:23:14 -0500
Received: from mail.vidyo.com ([162.209.16.214]) by mx0b-00198e01.pphosted.com with ESMTP id 288px82863-1 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NOT); Tue, 31 Jan 2017 12:23:14 -0500
Received: from 492132-EXCH1.vidyo.com ([fe80::50:56ff:fe85:4f77]) by 492133-EXCH2.vidyo.com ([fe80::50:56ff:fe85:6b62%13]) with mapi id 14.03.0195.001; Tue, 31 Jan 2017 11:23:13 -0600
From: Jonathan Lennox <jonathan@vidyo.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: Stephen Farrell's Discuss on draft-ietf-mmusic-4572-update-12: (with DISCUSS)
Thread-Index: AQHSe9xP0bZ4yIUYgkq4TrgGIWp7sqFTOkcA
Date: Tue, 31 Jan 2017 17:23:12 +0000
Message-ID: <3DCBB043-EF35-425A-A005-93488A726369@vidyo.com>
References: <148587892598.2448.6982128247176255180.idtracker@ietfa.amsl.com>
In-Reply-To: <148587892598.2448.6982128247176255180.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [160.79.219.114]
Content-Type: text/plain; charset="utf-8"
Content-ID: <046C4A595B17894EB4126DE0A9377BFC@vidyo.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-01-31_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1701310147
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/Kzx2R-rxinxAavm0MgAFbg_ZF-0>
Cc: Flemming Andreasen <fandreas@cisco.com>, "mmusic-chairs@ietf.org" <mmusic-chairs@ietf.org>, "draft-ietf-mmusic-4572-update@ietf.org" <draft-ietf-mmusic-4572-update@ietf.org>, The The IESG <iesg@ietf.org>, mmusic <mmusic@ietf.org>
Subject: Re: [MMUSIC] Stephen Farrell's Discuss on draft-ietf-mmusic-4572-update-12: (with DISCUSS)
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jan 2017 17:23:19 -0000

> On Jan 31, 2017, at 11:08 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> 
> I've two (or 4 depending how you count:-) things
> I'd like to check here. Should be pretty easy to
> handle.
> 
> (1) section 5: I'm wondering if we have the right
> set of hash functions here. Deprecating md2 and md5
> is great, but I have a bunch of questions about the
> others:
> 
> (1.1) why not also say that sha-1 MUST NOT be used
> for new things (or similar)?

We say (section 5.1) that SHA-256 MUST be used for one of the fingerprints; implementations MAY send additional fingerprints as well.

There’s concern that there may be existing implementations needing SHA-1 (since 4572 made that the MTI algorithm).  The need for interop makes defining “new things” rather complicated.

Is that sufficient?


> (1.2) do you really need sha-224 and 384? I think
> nobody uses those at all.
> 
> (1.3) I'm a bit surprised you didn't add sha3 (and
> maybe remove sha-512 if that's not needed) Even if
> you don't encourage use of sha3, it might be good
> to include it in the abnf now in case it gets
> popular.

The policy is that the set of hash functions supported corresponds to the hash functions defined for X.509 certificates. Unless I’m missing something, there’s no definition of SHA-3 for X.509 yet, is there?  (If I’ve overlooked something, please let me know.) 

The list is an IANA registry, so once SHA-3 is defined for X.509, it can also be added to the registry without needing an update to this document.

For the same reason, this is why we included SHA-224 and SHA-384.  If no one’s using them, I’d think an update to RFC 4055 would be in order?


> (2) Wouldn't it be a good plan to say that TLS
> as-used MUST conform to BCP195? If not, why not?

My inclination would be to say yes, but I’ll let people with more of the existing implementations comment further in case there’s some issue.

v2.23.0 | Report a Bug | By Email