IETF Logo Mail Archive

[MMUSIC] Re: [TLS] Brief Cross-WG review - draft-ietf-mmusic-comedia-tls

Sam Hartman <hartmans-ietf@mit.edu> Wed, 04 January 2006 20:23 UTC

Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EuF9z-0001hL-P1; Wed, 04 Jan 2006 15:23:03 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EuF9y-0001g4-60; Wed, 04 Jan 2006 15:23:02 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA20832; Wed, 4 Jan 2006 15:21:46 -0500 (EST)
Received: from carter-zimmerman.suchdamage.org ([69.25.196.178] helo=carter-zimmerman.mit.edu) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EuFFV-0007MA-AJ; Wed, 04 Jan 2006 15:28:46 -0500
Received: by carter-zimmerman.mit.edu (Postfix, from userid 8042) id 60EF1160059; Wed, 4 Jan 2006 15:22:59 -0500 (EST)
To: Jonathan Lennox <lennox@cs.columbia.edu>
References: <200601021643.LAA18903@ietf.org> <86psna8lsd.fsf@raman.networkresonance.com> <17337.52920.343464.422053@metro-north.cs.columbia.edu>
From: Sam Hartman <hartmans-ietf@mit.edu>
Date: Wed, 04 Jan 2006 15:22:59 -0500
In-Reply-To: <17337.52920.343464.422053@metro-north.cs.columbia.edu> (Jonathan Lennox's message of "Mon, 2 Jan 2006 20:09:12 -0500")
Message-ID: <tslr77nspy4.fsf@cz.mit.edu>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b19722fc8d3865b147c75ae2495625f2
Cc: tls@ietf.org, mmusic@ietf.org, EKR <ekr@networkresonance.com>, jon.peterson@neustar.biz, mankin@psg.com
Subject: [MMUSIC] Re: [TLS] Brief Cross-WG review - draft-ietf-mmusic-comedia-tls
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
Sender: mmusic-bounces@ietf.org
Errors-To: mmusic-bounces@ietf.org

Especially in the case where a fingerprint is present I think that the
requirements for identity matching would introduce usability problems
with no security benefit.  So I strongly argue for relaxing the
identity checking in the case where a fingerprint is available in an
integrity protected SDP exchange.

In the case where the cert is being matched against a trust anchor
through the process described in RFC 3280, the identity constraints
given in this document (or similar constraints) are absolutely
essential.

In the case where you are doing ssh-style leap of faith you do need to
decide what identity you are binding the leap of faith entry to in
your cache.  In that case the identity requirements may be helpful but
are not strict security requirements.

If you are going to support ssh-style leap of faith you do need to be
careful not to make rekeying/changing a cert harder than it needs to
be.  In particular, the user should not get a warning because there is
a leap of faith cache entry with a different certificate in it and a
valid fingerprint is presented in an integrity protected SDP session.
I'm not sure updating the cache entry would be good in that case, but
presenting a warning to the user because the cert changed would
definitely be a bad idea because it would discourage rekeying.

Now you do need to present the warning in the case where the SDP
session is not integrity protected.

--Sam


P.S. If I was too terse I can expand.

_______________________________________________
mmusic mailing list
mmusic@ietf.org
https://www1.ietf.org/mailman/listinfo/mmusic

v2.23.0 | Report a Bug | By Email