Re: [MMUSIC] Request for draft adoption: draft-holmberg-mmusic-4572-update
Paul Kyzivat <pkyzivat@alum.mit.edu> Mon, 21 March 2016 18:25 UTC
Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E19A212D9E7 for <mmusic@ietfa.amsl.com>; Mon, 21 Mar 2016 11:25:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id auKejfK4UTJq for <mmusic@ietfa.amsl.com>; Mon, 21 Mar 2016 11:25:55 -0700 (PDT)
Received: from resqmta-ch2-08v.sys.comcast.net (resqmta-ch2-08v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:40]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF36B12D9E2 for <mmusic@ietf.org>; Mon, 21 Mar 2016 11:25:55 -0700 (PDT)
Received: from resomta-ch2-08v.sys.comcast.net ([69.252.207.104]) by resqmta-ch2-08v.sys.comcast.net with comcast id YiRV1s0022Fh1PH01iRu3s; Mon, 21 Mar 2016 18:25:54 +0000
Received: from Paul-Kyzivats-MacBook-Pro.local ([73.218.51.154]) by resomta-ch2-08v.sys.comcast.net with comcast id YiRt1s00J3KdFy101iRtgJ; Mon, 21 Mar 2016 18:25:54 +0000
To: Roman Shpount <roman@telurix.com>
References: <7594FB04B1934943A5C02806D1A2204B37EA09F7@ESESSMB209.ericsson.se> <CAD5OKxtwpk1uUX1t74wY-qeY4eyA2er3ur29HgeqVgL7QyAmLQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37EE5DFE@ESESSMB209.ericsson.se> <CABkgnnUGNhTSF+VJpFRXapNtO1MwjbM1N0ePjYap8eGiMvN3uw@mail.gmail.com> <6F9ECA9D-2F06-464C-BB17-64CDACFF85B9@vidyo.com> <CABkgnnUwD8ropdSoUfCiod2XNGP+eQAjhr+4b9LHvVFBMq4A3Q@mail.gmail.com> <D31576CB.5FCC%christer.holmberg@ericsson.com> <CABkgnnU7QjkAHq2GEZ1L3NFzajTefnoghGAQGuJbE_YvxVp7zA@mail.gmail.com> <D31583F8.5FFB%christer.holmberg@ericsson.com> <19D44ABF-C455-4021-9E35-AB929FDBE392@vidyo.com> <CABkgnnUGFNwKdMAKXVLvB63Z3DOvGK01Pwfo2norv-sos_ix_g@mail.gmail.com> <D3158FEB.6024%christer.holmberg@ericsson.com> <CAD5OKxtc3u1TPon=bkFXY1O0t+JPSRwO4d7YZBwtqh8Dp=A5wA@mail.gmail.com> <CABkgnnX9Fm933wuDb28t8GtomFA4YHdwf5MUpG_uYHbrtSD9Ew@mail.gmail.com> <56F003F5.2010603@alum.mit.edu> <CAD5OKxspL+utrt01iA34Sf7m9W4ibcQNneecGAHL8FFVr88Uqw@mail.gmail.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <56F03CAF.2040308@alum.mit.edu>
Date: Mon, 21 Mar 2016 14:25:51 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.7.0
MIME-Version: 1.0
In-Reply-To: <CAD5OKxspL+utrt01iA34Sf7m9W4ibcQNneecGAHL8FFVr88Uqw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1458584754; bh=TxCjJEJvaXyAp6ANYPIOuAbBrm1i4SB+6af3bGhl64I=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=UQxMzLdY3e7VK8SU6ck+/AYMKzjcc6ZT8ksx2IzTbCdFYCNMR6UUI+WDp21cUer1h mG1r+46g/3jACIwPspL2oAsKd9K33lXY/f2d1oFM1LLUSkZMRdsjZ4W9qViCCNdIgx LhCt4tMPZawey8bDrtolfCsMozpq4hOWKP6MpEtCPKge4AV7uQdkSeNUKnAYFb+mvN paYc0A7ZfXDCQROJjyryDaAFK6EiteVXmfaHneoO1rYrluV/3aVfDbkXWhgRYf36iF 0IIk2GpQpqCoK6Fwoaq8QATqvAreTCQdZu18q3ZmLMRqJ726S+ZxOIwesroBhRWmPk Z10uUBCvDkjgA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/QiBDE1c3YqrwQhvzlLR2jn3f0d8>
Cc: Jonathan Lennox <jonathan@vidyo.com>, "mmusic@ietf.org" <mmusic@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [MMUSIC] Request for draft adoption: draft-holmberg-mmusic-4572-update
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2016 18:25:57 -0000
Roman, OK, now we are on the mmusic list. See below. On 3/21/16 10:55 AM, Roman Shpount wrote: > Let me try to explain the issue: > > When DTLS association is established you get the remote public key. You > might also get the remote public key signature as a part for DTLS > establishment, but this is only useful if this signature is generated by > trusted well known third party (certificate authority) and signed by its > certificate. Since for DTLS mostly self signed certificates are used, > this signature is completely irrelevant. > > Once this public key is received, the receiving end point can generate a > hash signature (fingerprint) of this key. Fingerprint has nothing to do > with certificate signature. Fingerprint is completely independently > generated by the receiving end point, and it is not signed by any > certificate. The procedure to generate such fingerprint is different > from certificate signatures and its value is completely unrelated. > > When validating a received public key, end point validates it against > the list of fingerprints provided in the SDP. End point generates a > fingerprint based on the hash algorithm specified in SDP fingerprint > attribute and compares the generated value with the value in the SDP. If > values are the same, the end point assume that fingerprint matches and > this public key can be trusted. If none of the fingerprint match, then > this connection is established by the untrusted remote and must be torn > down. > > The reason to use multiple fingerprints with different hash algorithms > for the same certificate is hash function agility. Imaging it is > discovered that SHA-256 is insufficiently secure and SHA-512 should be > used instead. It is physically impossible to update all communicating > end points in the network at the same time without shutting down the > whole network. In order to perform a gradual, rolling upgrade, end > points are updated to include both SHA-512 and SHA-256 fingerprints in > SDP descriptions. Older end-points will still accept keys used for > connections based on older SHA-256 fingerprints. Newer end points will > accept keys used for connections based on either SHA-256 or SHA-512 > fingerprints. Once all end points in the network are updated to support > SHA-512 fingerprints, another rolling update is started to remove > support for SHA-256 fingerprints. After this update completes only > newer, SHA-512 based fingerprints will be used in the network. Still, what is the attack? The following come to mind: 1) capture the encrypted signaling and media. Then attack it offline to decode the media. 2) insert a MITM into the signaling path. Change the signaling to redirect the media so that it can be decoded and changed in realtime. For (1), if the signaling can be decrypted (or if it wasn't encrypted) then AFAICT it doesn't matter what hash algorithm is used for the fingerprint. If the signaling can't be decrypted more easily than the media then the fingerprint hash is irrelevant. For (2), if you are going to install a media relay that decodes/encodes, and you can manipulate the signaling, then again I don't see how it matters what hash function is used for the fingerprint. Thanks, Paul
- Re: [MMUSIC] Request for draft adoption: draft-ho… Roman Shpount
- Re: [MMUSIC] Request for draft adoption: draft-ho… Paul Kyzivat
- Re: [MMUSIC] Request for draft adoption: draft-ho… Roman Shpount