Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-06.txt
Jonathan Lennox <jonathan@vidyo.com> Thu, 25 February 2016 15:41 UTC
Return-Path: <prvs=68637bd80d=jonathan@vidyo.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C66C11B2B07 for <mmusic@ietfa.amsl.com>; Thu, 25 Feb 2016 07:41:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.897
X-Spam-Level:
X-Spam-Status: No, score=-0.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, J_CHICKENPOX_111=0.6, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QvRVzDlkvRC7 for <mmusic@ietfa.amsl.com>; Thu, 25 Feb 2016 07:41:26 -0800 (PST)
Received: from mx0a-00198e01.pphosted.com (mx0a-00198e01.pphosted.com [67.231.149.202]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F415C1B2ABC for <mmusic@ietf.org>; Thu, 25 Feb 2016 07:41:25 -0800 (PST)
Received: from pps.filterd (m0073109.ppops.net [127.0.0.1]) by mx0a-00198e01.pphosted.com (8.15.0.59/8.15.0.59) with SMTP id u1PFfKWM018560; Thu, 25 Feb 2016 10:41:20 -0500
Received: from mail.vidyo.com ([162.209.16.214]) by mx0a-00198e01.pphosted.com with ESMTP id 214cqcvwvk-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 25 Feb 2016 10:41:19 -0500
Received: from 492132-EXCH1.vidyo.com ([fe80::50:56ff:fe85:4f77]) by 492133-EXCH2.vidyo.com ([fe80::50:56ff:fe85:6b62%13]) with mapi id 14.03.0195.001; Thu, 25 Feb 2016 09:41:19 -0600
From: Jonathan Lennox <jonathan@vidyo.com>
To: Martin Thomson <martin.thomson@gmail.com>
Thread-Topic: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-06.txt
Thread-Index: AQHRb0MX6bWTp5bg6UyLiWt52o6bVp88DisAgAAH8ACAAAnHAIAABB4AgAEoAAA=
Date: Thu, 25 Feb 2016 15:41:18 +0000
Message-ID: <0EF1AF5F-3AB7-4251-A2C7-C3EF423E917E@vidyo.com>
References: <56B4CDCF.4080100@cisco.com> <56CA320D.9050306@cisco.com> <7594FB04B1934943A5C02806D1A2204B37E389BF@ESESSMB209.ericsson.se> <56CCBE6A.7090709@alum.mit.edu> <7594FB04B1934943A5C02806D1A2204B37E3E3AB@ESESSMB209.ericsson.se> <56CDE4FB.6090002@alum.mit.edu> <7594FB04B1934943A5C02806D1A2204B37E400B7@ESESSMB209.ericsson.se> <56CE145F.5090903@alum.mit.edu> <7594FB04B1934943A5C02806D1A2204B37E4013D@ESESSMB209.ericsson.se> <CABkgnnU2kswQBH=qr6M+wXK8txH4=wA3PLFmTZtZf62KdggNfQ@mail.gmail.com> <56CE24DE.6090300@alum.mit.edu> <CABkgnnUMwweQ0GTsdbvMd9ZJ9vcO5FdMAzZQ-7gW_ukiGyp47A@mail.gmail.com>
In-Reply-To: <CABkgnnUMwweQ0GTsdbvMd9ZJ9vcO5FdMAzZQ-7gW_ukiGyp47A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [160.79.219.114]
Content-Type: text/plain; charset="utf-8"
Content-ID: <F2D27CB9EBDD9B4FAA334EE94B2D2635@vidyo.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.15.21, 1.0.33, 0.0.0000 definitions=2016-02-25_05:2016-02-25,2016-02-25,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1601100000 definitions=main-1602250221
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/OaqsCuet1x-P7yDBJPQEJXZrFGE>
Cc: mmusic <mmusic@ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-06.txt
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2016 15:41:26 -0000
I can certainly agree that 4572 could use an update. I didn’t completely understand what I was doing when I wrote it; in particular, the idea that the certificate was just a repository for the public key wasn’t something I had completely grasped, and the hash agility was confused. > On Feb 24, 2016, at 5:01 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > > On 24 February 2016 at 13:47, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote: >> If we are going to make normative references to multiple fingerprints we >> need some place authoritative to reference for the details. > > I recommend judicious use of copy and paste. Feel free to steal text > that I wrote. > > FWIW, my reading of 4572 is that it permits multiple fingerprints: one > for each certificate that might be used. Its failing is that a) it > doesn't allow for hash agility, and b) it's unclear, perhaps in the > extreme. > > However, I see this: > > Endpoints MUST support SHA-256 for generating and verifying the > fingerprint value associated with the DTLS association. The use of > SHA-256 is preferred. > > Which doesn't mention that this requires an update of 4572. > > And this: > > The certificate received during the DTLS handshake MUST match the > fingerprint received in the SDP "fingerprint" attribute. > > Which should say '*a* fingerprint', to allow for there being multiple. > > And this: > > [...] In addition, the offerer > MUST insert an SDP 'setup' attribute according to the procedures in > [RFC4145], and an SDP 'fingerprint' attribute according to the > procedures in [RFC4572], in the offer. > > Which doesn't deal with multiple certificates. > > I also see: > > The > subjectAltName is not an important component of the certificate > verification. > > Which is true but insufficient; the text can simply say that the > certificate is only a receptacle for a public key and authentication > is tied to an a=fingerprint line in the SDP. > > And this: > > This offer includes, as part of the SDP payload, the fingerprint of > the certificate that the endpoint wants to use. The endpoint SHOULD > > Which should be plural fingerprint*s*. > > The pattern repeats throughout.
- [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-06.txt Flemming Andreasen
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Charles Eckel (eckelcu)
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Christer Holmberg
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Charles Eckel (eckelcu)
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Flemming Andreasen
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Paul Kyzivat
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Christer Holmberg
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Paul Kyzivat
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Christer Holmberg
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Paul Kyzivat
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Paul Kyzivat
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Christer Holmberg
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Roman Shpount
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Martin Thomson
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Paul Kyzivat
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Roman Shpount
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Paul Kyzivat
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Paul Kyzivat
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Christer Holmberg
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Martin Thomson
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Paul Kyzivat
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Paul Kyzivat
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Martin Thomson
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Christer Holmberg
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Christer Holmberg
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Christer Holmberg
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Martin Thomson
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Jonathan Lennox
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Roman Shpount
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Christer Holmberg
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Christer Holmberg
- Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-0… Jonathan Lennox