Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-06.txt
Christer Holmberg <christer.holmberg@ericsson.com> Thu, 25 February 2016 19:18 UTC
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>, Roman Shpount <roman@telurix.com>, Jonathan Lennox <jonathan@vidyo.com>
Date: Thu, 25 Feb 2016 19:18:39 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/YVuCUrOLQCB6CVpQvw720uIM3-c>
Cc: mmusic <mmusic@ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>
Hi,

Personally, I have no problem updating RFC 4572 within draft-ietf-mmusic-dtls-sdp, depending on how big the update would be. The currently identified potential updates are:

1) Define the semantics of associating multiple SDP ‘fingerprint’ attributes with an “m=” line.
2) Update the preferred cipher suite in order to align with DTLS (SHA-1 -> SHA-256).

Regarding 1), I’d be happy if someone could commit to providing text (even if it is simply copying something from Martin’s draft). Also, is it enough to update section 5 of RFC 4572, or do we need to update some other sections too?

Regards,

Christer

From: mmusic [mailto:mmusic-bounces@ietf.org] On Behalf Of Christer Holmberg
Sent: 25 February 2016 20:59
To: Roman Shpount <roman@telurix.com>; Jonathan Lennox <jonathan@vidyo.com>
Cc: mmusic <mmusic@ietf.org>; Paul Kyzivat <pkyzivat@alum.mit.edu>
Subject: Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-06.txt

3. Write a separate draft that updates 4572.

Regards,

Christer

From: Roman Shpount [mailto:roman@telurix.com]
Sent: 25 February 2016 20:57
To: Jonathan Lennox <jonathan@vidyo.com>
Cc: Martin Thomson <martin.thomson@gmail.com>; mmusic <mmusic@ietf.org>; Paul Kyzivat <pkyzivat@alum.mit.edu>; Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-06.txt

There are two options possible here:

1. Make current draft-ietf-mmusic-dtls-sdp draft update 4572 and cover TLS as well, essentially making it draft-ietf-mmusic-tls-and-dtls-sdp
2. Limit the scope of draft-ietf-mmusic-dtls-sdp to DTLS only. Completely define how setup and fingerprint attributes are used there for DTLS only. Let some future draft update RFC 4572.

What is the preference here given that either option will require another major edit for draft-ietf-mmusic-dtls-sdp?

Regards,
_____________
Roman Shpount

On Thu, Feb 25, 2016 at 10:41 AM, Jonathan Lennox <jonathan@vidyo.com> wrote:

I can certainly agree that 4572 could use an update. I didn’t completely understand what I was doing when I wrote it; in particular, the idea that the certificate was just a repository for the public key wasn’t something I had completely grasped, and the hash agility was confused.

> On Feb 24, 2016, at 5:01 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
>
> On 24 February 2016 at 13:47, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:
>> If we are going to make normative references to multiple fingerprints we
>> need some place authoritative to reference for the details.
>
> I recommend judicious use of copy and paste. Feel free to steal text
> that I wrote.
>
> FWIW, my reading of 4572 is that it permits multiple fingerprints: one
> for each certificate that might be used. Its failing is that a) it
> doesn't allow for hash agility, and b) it's unclear, perhaps in the
> extreme.
>
> However, I see this:
>
>    Endpoints MUST support SHA-256 for generating and verifying the
>    fingerprint value associated with the DTLS association. The use of
>    SHA-256 is preferred.
>
> Which doesn't mention that this requires an update of 4572.
>
> And this:
>
>    The certificate received during the DTLS handshake MUST match the
>    fingerprint received in the SDP "fingerprint" attribute.
>
> Which should say '*a* fingerprint', to allow for there being multiple.
>
> And this:
>
>    [...] In addition, the offerer
>    MUST insert an SDP 'setup' attribute according to the procedures in
>    [RFC4145], and an SDP 'fingerprint' attribute according to the
>    procedures in [RFC4572], in the offer.
>
> Which doesn't deal with multiple certificates.
>
> I also see:
>
>    The
>    subjectAltName is not an important component of the certificate
>    verification.
>
> Which is true but insufficient; the text can simply say that the
> certificate is only a receptacle for a public key and authentication
> is tied to an a=fingerprint line in the SDP.
>
> And this:
>
>    This offer includes, as part of the SDP payload, the fingerprint of
>    the certificate that the endpoint wants to use. The endpoint SHOULD
>
> Which should be plural fingerprint*s*.
>
> The pattern repeats throughout.

_______________________________________________
mmusic mailing list
mmusic@ietf.org
https://www.ietf.org/mailman/listinfo/mmusic
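The matching rule discussed in the thread (the handshake certificate must match *a* fingerprint, with one fingerprint per candidate certificate and possibly several hash functions per certificate), as an added example that is not code from the thread, the draft or RFC 4572. The certificate bytes and SDP lines are constructed, and the SHA-1 gating, the digest-length check and the constant-time comparison are this example's own choices rather than anything the draft specifies.

```python
import hashlib
import hmac
import re

# SDP 'fingerprint' hash-function names (RFC 4572 syntax) mapped to hashlib constructors.
# Only the SHA family is listed; SHA-1 is honoured only when the caller allows it.
HASH_FUNCS = {"sha-1": hashlib.sha1, "sha-224": hashlib.sha224, "sha-256": hashlib.sha256,
              "sha-384": hashlib.sha384, "sha-512": hashlib.sha512}

# a=fingerprint:<hash-func> <2UHEX *(":" 2UHEX)>  (RFC 4572 ABNF; hex accepted in either case)
FINGERPRINT_RE = re.compile(r"^a=fingerprint:([A-Za-z0-9-]+)\s+((?:[0-9A-Fa-f]{2}:)*[0-9A-Fa-f]{2})$")

def fingerprint_attribute(cert_der: bytes, hash_func: str = "sha-256") -> str:
    """Offerer side: build one a=fingerprint line for a DER-encoded certificate."""
    digest = HASH_FUNCS[hash_func](cert_der).digest()
    return "a=fingerprint:%s %s" % (hash_func, ":".join("%02X" % b for b in digest))

def parse_fingerprints(sdp: str) -> list:
    """Answerer side: collect every (hash-func, digest) pair advertised in the SDP."""
    found = []
    for line in sdp.splitlines():
        m = FINGERPRINT_RE.match(line.strip())
        if m:
            found.append((m.group(1).lower(), bytes.fromhex(m.group(2).replace(":", ""))))
    return found

def certificate_matches(cert_der: bytes, fingerprints: list, allow_sha1: bool = False) -> bool:
    """True iff the handshake certificate matches *a* fingerprint from the SDP: the offer
    may list one fingerprint per candidate certificate and several hash functions each."""
    for hash_func, expected in fingerprints:
        ctor = HASH_FUNCS.get(hash_func)
        if ctor is None or (hash_func == "sha-1" and not allow_sha1):
            continue  # unknown, unsupported or too-weak hash: this attribute cannot match
        if len(expected) != ctor().digest_size:
            continue  # digest length does not fit the named hash: malformed attribute
        if hmac.compare_digest(ctor(cert_der).digest(), expected):
            return True
    return False

# Constructed sample data: these byte strings stand in for DER-encoded certificates.
CERT_A = b"constructed DER bytes for certificate A"
CERT_B = b"constructed DER bytes for certificate B"
CERT_OTHER = b"constructed DER bytes for a certificate the offer never advertised"
OFFER_SDP = "\n".join([
    "v=0", "m=audio 5004 UDP/TLS/RTP/SAVPF 0", "a=setup:actpass",
    fingerprint_attribute(CERT_A, "sha-256"),  # same certificate under two hash functions
    fingerprint_attribute(CERT_A, "sha-1"),
    fingerprint_attribute(CERT_B, "sha-256"),  # a second candidate certificate
])
```

With the constructed offer, `certificate_matches(CERT_A, parse_fingerprints(OFFER_SDP))` and the same call for `CERT_B` return True, while `CERT_OTHER` returns False; a SHA-1-only offer is rejected unless `allow_sha1=True`.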