IETF Logo Mail Archive

Re: [MMUSIC] 4572 update: forbid weak hashes?

worley@ariadne.com (Dale R. Worley) Thu, 07 April 2016 15:13 UTC

Return-Path: <worley@alum.mit.edu>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2D4312D90B for <mmusic@ietfa.amsl.com>; Thu, 7 Apr 2016 08:13:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.934
X-Spam-Level:
X-Spam-Status: No, score=-1.934 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gXgMLvDPtHc9 for <mmusic@ietfa.amsl.com>; Thu, 7 Apr 2016 08:13:57 -0700 (PDT)
Received: from resqmta-ch2-02v.sys.comcast.net (resqmta-ch2-02v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3366712D7FA for <mmusic@ietf.org>; Thu, 7 Apr 2016 08:00:07 -0700 (PDT)
Received: from resomta-ch2-07v.sys.comcast.net ([69.252.207.103]) by comcast with SMTP id oBPdaEEji8DPnoBPia1YPR; Thu, 07 Apr 2016 15:00:06 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1460041206; bh=gOPMnkW523fr3W0oPHzHMJoBGL/q0RPwt6fZQQomVdg=; h=Received:Received:Received:Received:From:To:Subject:Date: Message-ID; b=FMldmV6d8AlucHy1VjuRMHPDgz5SBewRaXLlG5QaZ9kxkL0aVThHUP4WZpsqc0jPf aiQ/9IyRZmWfrs+Yb/R/CB2wbMaIJPU2btJzl8oKtrs0DGnB8dcR33On5rxbtuSElr hPIVJ1FXCkq8s50AGxJN/yYTb6dLt2d8I4MksrgKnm0suTHyJkIwk830S7itZjA/Rn LyyWKqaGGOw3hYUzkZjGpOGV3KEucu4vNz+feZhI4a4/FWxI+YfxTS0HQdKShxKyQd jLxgKtAm3+oarZEt1+o+4eh7s2wAoEQdZ9VM7ahYZthHzmHcka2q3rBkI2IktRpP0A gh4MFlamADYTg==
Received: from hobgoblin.ariadne.com ([73.143.237.82]) by resomta-ch2-07v.sys.comcast.net with comcast id fT051s00A1nMCLR01T054q; Thu, 07 Apr 2016 15:00:06 +0000
Received: from hobgoblin.ariadne.com (hobgoblin.ariadne.com [127.0.0.1]) by hobgoblin.ariadne.com (8.14.7/8.14.7) with ESMTP id u37F04kS032137; Thu, 7 Apr 2016 11:00:04 -0400
Received: (from worley@localhost) by hobgoblin.ariadne.com (8.14.7/8.14.7/Submit) id u37F031O032134; Thu, 7 Apr 2016 11:00:03 -0400
X-Authentication-Warning: hobgoblin.ariadne.com: worley set sender to worley@alum.mit.edu using -f
From: worley@ariadne.com
To: Martin Thomson <martin.thomson@gmail.com>
In-Reply-To: <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com> (martin.thomson@gmail.com)
Sender: worley@ariadne.com
Date: Thu, 07 Apr 2016 11:00:03 -0400
Message-ID: <87twjdtqfg.fsf@hobgoblin.ariadne.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/WHMwL2a8c4CAu6kKd1hCAo43uZQ>
Cc: jonathan@vidyo.com, mmusic@ietf.org, christer.holmberg@ericsson.com
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 15:13:58 -0000

Martin Thomson <martin.thomson@gmail.com> writes:
> Maybe three pieces of advice are right.
>
> 1. Implement the strongest hash you can
> 2. Check all the hashes you can
> 3. Don't accept a session if you can only check weak hashes

I'm just now looking at this, but it seems to me that it is sufficient
for the receiver of the hashes to check any one hash that it considers
to have a sufficiently secure algorithm.  If the hash was sent to it,
that shows that the sender considers it to be secure enough.  (Of
course, if it does not receive any hash that it considers secure, the
receiver should reject the negotiation.)

There doesn't seem to be any reason for the receiver to check more than
one sufficiently secure hash.  Because it received them, the receiver
knows that the sender thinks both hashes are secure, and by hypothesis
the receiver thinks they are both secure, so every party to the
transaction expects that if one hash is valid, the other one will be.

Of course, we could allow the receiver to check multiple hashes if it
wishes...

Dale

v2.23.0 | Report a Bug | By Email