IETF Logo Mail Archive

Re: [MMUSIC] 4572 update: forbid weak hashes?

Roman Shpount <roman@telurix.com> Mon, 25 April 2016 20:11 UTC

Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BD7612D117 for <mmusic@ietfa.amsl.com>; Mon, 25 Apr 2016 13:11:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uzzBuk5s7_VH for <mmusic@ietfa.amsl.com>; Mon, 25 Apr 2016 13:11:32 -0700 (PDT)
Received: from mail-ig0-x22e.google.com (mail-ig0-x22e.google.com [IPv6:2607:f8b0:4001:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 762CB12D0C9 for <mmusic@ietf.org>; Mon, 25 Apr 2016 13:11:32 -0700 (PDT)
Received: by mail-ig0-x22e.google.com with SMTP id bi2so77391787igb.0 for <mmusic@ietf.org>; Mon, 25 Apr 2016 13:11:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=w/ITXw5/751h3AbTHIIp5N7xiwXqOwgjkXvRJasmabI=; b=Hg78GaUHad3po+H3j7SNW/TxlDKDEF0YdKj/Cmqg1KK/VjH+CnYjhcetnmp/01zaJL IDHiMaMw1AhmLc3ho9kKLB3Lhc8U1fn3bWIBwcuXcbapHqfvZ7LWStmAhtvF2UHNSW/B mFWKFzHUjhxUq1l16ABkZSjtgqRiVqU6BONKQOmP1qrIQ+ACvogxp26ye5lfAKhJRfBT F21gojlitr1xN0wmBLjB20p4GQ6ejWyBjTzKnPYcTIirk3eW5K79uExIaSfVs5LsAKBm Uj0loT/8EuMxk1r3UrLGZK60aWTReSnfPekURXD1qJtRWNvT3/eqAx3+o0WXYy+OHbVh Unrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=w/ITXw5/751h3AbTHIIp5N7xiwXqOwgjkXvRJasmabI=; b=S8AenXvSQ21a2aAGrFI4k1iRSewgSj+qoO86LtK34XXNXyucZx/W5l99ANiRf0ZAjC r84clxpAWB6zsDVo84W5MsAFTRlNf0MZFZUP3fT3j8R/rK/xyszcDdZjXsOHlZy2SDis dFajjaINbM0PqiGSRLsQLKxZd15wn9YRNf5gGEGP6lA0U6RFmm8Sz53EghL48PTfWtjh 6fGxLd657kPUr26FHEVOpKUAF3V45NBf3eZaTPYqcFMNE3jJSCtDcT2ZqOFN9Ma5ouAf 4wCe2p3OPg7X5MM6mGSp1ZbgnSWv2yKmpVsT9wG7e6NkEqZiCO+KJMbkVsq8o8W4eOkO c5KA==
X-Gm-Message-State: AOPr4FUeJrezRTly1skttO6YKpstUUU0r/hQGvu5xjWcRCvzrheVdh+PaS4f4laSEl9llA==
X-Received: by 10.50.33.176 with SMTP id s16mr13663399igi.86.1461615091727; Mon, 25 Apr 2016 13:11:31 -0700 (PDT)
Received: from mail-ig0-f175.google.com (mail-ig0-f175.google.com. [209.85.213.175]) by smtp.gmail.com with ESMTPSA id i14sm7510904iod.34.2016.04.25.13.11.30 for <mmusic@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Mon, 25 Apr 2016 13:11:30 -0700 (PDT)
Received: by mail-ig0-f175.google.com with SMTP id g8so84765254igr.0 for <mmusic@ietf.org>; Mon, 25 Apr 2016 13:11:30 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.50.119.67 with SMTP id ks3mr10021486igb.78.1461615090596; Mon, 25 Apr 2016 13:11:30 -0700 (PDT)
Received: by 10.36.144.69 with HTTP; Mon, 25 Apr 2016 13:11:30 -0700 (PDT)
In-Reply-To: <07073395-7f19-0a3b-b39b-38e1db51c391@alum.mit.edu>
References: <4D60EE45-BECA-4A46-98EF-FF4AA482B42E@vidyo.com> <7594FB04B1934943A5C02806D1A2204B37F27B70@ESESSMB209.ericsson.se> <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F27D6E@ESESSMB209.ericsson.se> <CAD5OKxtb4Ss8BzeBDMUs7V7Yfx3YC0U53JmhZLen1C2+FkyGog@mail.gmail.com> <4F76BA3A-A69A-473E-97DA-287E6E571324@iii.ca> <5707C985.5060809@alum.mit.edu> <CAD5OKxv57rSx1wok=d04k1gVaDz0188ijhc97XwZepdX2u9tVA@mail.gmail.com> <D343F764.77D5%christer.holmberg@ericsson.com> <CAD5OKxtMVNTSnyACRmA6NUEtAam0Xc=-cRD_2BCQjfH6Kekhjw@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F7CD82@ESESSMB209.ericsson.se> <CAD5OKxuh0CQDA=jNt1nSQ03mQKuD3-V09KOT-rEgEakRBP1Ckw@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F7CF63@ESESSMB209.ericsson.se> <07073395-7f19-0a3b-b39b-38e1db51c391@alum.mit.edu>
Date: Mon, 25 Apr 2016 16:11:30 -0400
X-Gmail-Original-Message-ID: <CAD5OKxspsaqK+JG0MjV=sHZ8ATbVFYJ0Gwv=k93QKJYsB-5i+w@mail.gmail.com>
Message-ID: <CAD5OKxspsaqK+JG0MjV=sHZ8ATbVFYJ0Gwv=k93QKJYsB-5i+w@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Content-Type: multipart/alternative; boundary="089e011847f646053e053154c827"
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/XYlcQsWovUBx2EkFwoyFYvwND94>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Apr 2016 20:11:34 -0000

On Mon, Apr 25, 2016 at 3:56 PM, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:

> On 4/25/16 3:26 PM, Christer Holmberg wrote:
>
>> So, does anyone object to the proposal: no matter how many certificates
>> (and associated fingerprints) the SDP contains, as long as there is
>> **one** hash (that the receiver supports and consider secure enough)
>> matches the certificate, things are good.
>>
>
> The possibility that the fingerprints might cover multiple certs, for
> multiple connections, messes things up.
>
> IIUC, *if* there is only one connection to be protected then all the
> fingerprints must be fingerprints of the cert for that one. And in that
> case if you check one and it fails to match then there is indeed an error,
> even if another one matches.
>
> Should it be acceptable to consider this case a failure? Or is this too
> complicated?
>

There is still a use case when an offer is sent but it is not yet known
which of the several media processors will be used when connection is
actually established. Such offer will contain fingerprints for certificates
on all the media processors, but only one of them will match. This is true
even for a single connection (bundle).

>
> One possibility would be to state that the minimum check, that MUST be
> applied, is that at least one fingerprint MUST match every cert covered by
> the SDP, and that an optional check (MAY be applied) is that *each*
> fingerprint match one of the certs covered by the SDP. (The optional check
> is something that a formal tester/verifier might perform.) It would be a
> requirement that the sender ensure that the harder test succeed if the
> recipient applies it.
>

We might add another SDP parameter for this or extend fingerprint in a
backwards compatible way to indicate some sort of certificate group, but
this is making things more complicated. Multiple people indicated that this
is out of scope for this document revision.


> I can live with just the minimum being stated.
>

We are mostly trying to document what people thought was already supported
in maximum backwards compatible manner. I think minimum match is the only
way.
_____________
Roman Shpount

v2.23.0 | Report a Bug | By Email