IETF Logo Mail Archive

Re: [MMUSIC] 4572 update: forbid weak hashes?

Roman Shpount <roman@telurix.com> Mon, 25 April 2016 14:47 UTC

Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93B3212D1B0 for <mmusic@ietfa.amsl.com>; Mon, 25 Apr 2016 07:47:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Q2s4qgQwMvT for <mmusic@ietfa.amsl.com>; Mon, 25 Apr 2016 07:47:41 -0700 (PDT)
Received: from mail-oi0-x233.google.com (mail-oi0-x233.google.com [IPv6:2607:f8b0:4003:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 711F212D501 for <mmusic@ietf.org>; Mon, 25 Apr 2016 07:47:41 -0700 (PDT)
Received: by mail-oi0-x233.google.com with SMTP id x201so178337724oif.3 for <mmusic@ietf.org>; Mon, 25 Apr 2016 07:47:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=6+IBCY5mPogisTSZM2FYbtec/q0i89PK4a38ewb9jXM=; b=vvSORwyMuqKoQ0kVN7W0b3ArKCaDTChY5u3WIZqdbHSr7eFia8dfubDq26GnKy2feX qUk6mv7trbHoN3VDH7/aO10yElnc4ed+tP6Q2ouciU32wTDYI160shtUzCj6oqvCqIRY t9ygJGwtV8VmywT+f8fMhOqJirCN4HF6q/hIX4+eMgaybHmyz7mcRMjMz+5S2r0rkyQi 7hcpzHVZRnGRFO4NOHMdUBOCp89eqYbqN2tMNEJ991cvdd5RN1u706WC+3ERllu+SxZN jgWfC/Uw5cu7dt8xGfQtNjY+OB58Jbp/MhWWhR92Y4WSgrrwLcpQcexs7eSm1CAmk1IS khbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=6+IBCY5mPogisTSZM2FYbtec/q0i89PK4a38ewb9jXM=; b=EOxtfrO59Wq4pWeNx9jq2wc0Dw2Rld5B06cgRhZXlUePiplRR0nFZxZhF2Rvcqg5KZ iMPpi3rB85uRa5HQUTEAM8xRa2f6TI7rPT8yXSdHsmigAMvUzzoVmHjk4GlZ60M8QUis /xn/bUAChExylK4M9Aupf8OL19Ou7TSkdMVn8NdMa+i1tKscmmE5EuqPqUwfhEFtSML0 yFvQJCjrdKc5aiojTENehVV8hwWYS4SYNx7r2QN/VE9HdK832mWJwocd+wHP/I9s9cD2 +1yzM/1V2OQQHHubWlgtJr2fSE1w9RH8aenlM87646Ucnd3ULGdIAlP0b5erKYaoEWoH qvvA==
X-Gm-Message-State: AOPr4FWz8a5HhfcjwsZGWYeEgm3JQCw7AbsnIHOEemYJI8IQeIGY3ZB0iiHp02x2QuXDYQ==
X-Received: by 10.157.15.226 with SMTP id m31mr2963319otd.31.1461595660754; Mon, 25 Apr 2016 07:47:40 -0700 (PDT)
Received: from mail-io0-f180.google.com (mail-io0-f180.google.com. [209.85.223.180]) by smtp.gmail.com with ESMTPSA id a34sm6468513otb.1.2016.04.25.07.47.40 for <mmusic@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Mon, 25 Apr 2016 07:47:40 -0700 (PDT)
Received: by mail-io0-f180.google.com with SMTP id u185so185802363iod.3 for <mmusic@ietf.org>; Mon, 25 Apr 2016 07:47:40 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.107.147.7 with SMTP id v7mr6645135iod.3.1461595659813; Mon, 25 Apr 2016 07:47:39 -0700 (PDT)
Received: by 10.36.144.69 with HTTP; Mon, 25 Apr 2016 07:47:39 -0700 (PDT)
In-Reply-To: <D343F764.77D5%christer.holmberg@ericsson.com>
References: <4D60EE45-BECA-4A46-98EF-FF4AA482B42E@vidyo.com> <7594FB04B1934943A5C02806D1A2204B37F27B70@ESESSMB209.ericsson.se> <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F27D6E@ESESSMB209.ericsson.se> <CAD5OKxtb4Ss8BzeBDMUs7V7Yfx3YC0U53JmhZLen1C2+FkyGog@mail.gmail.com> <4F76BA3A-A69A-473E-97DA-287E6E571324@iii.ca> <5707C985.5060809@alum.mit.edu> <CAD5OKxv57rSx1wok=d04k1gVaDz0188ijhc97XwZepdX2u9tVA@mail.gmail.com> <D343F764.77D5%christer.holmberg@ericsson.com>
Date: Mon, 25 Apr 2016 10:47:39 -0400
X-Gmail-Original-Message-ID: <CAD5OKxtMVNTSnyACRmA6NUEtAam0Xc=-cRD_2BCQjfH6Kekhjw@mail.gmail.com>
Message-ID: <CAD5OKxtMVNTSnyACRmA6NUEtAam0Xc=-cRD_2BCQjfH6Kekhjw@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Content-Type: multipart/alternative; boundary="94eb2c055f681bd0c405315042ea"
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/_YOct4vG2Gr67MpzEyt3MsmPtOw>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Apr 2016 14:47:48 -0000

Christer,

There is no indication what fingerprint applies to what certificate in SDP
fingerprint attribute. The rule should be if connection is established a
certificate which matches at least one hash that you consider secure, the
connection should be accepted. If you would make it more complicated, this
will likely break backwards interop or would require changes to
fingerprint/DTLS/certificates.

Regards,

_____________
Roman Shpount

On Mon, Apr 25, 2016 at 9:38 AM, Christer Holmberg <
christer.holmberg@ericsson.com> wrote:

> Hi,
>
> I think option 1) does not support hash agility – which is one of the main
> reason from sending multiple fingerprints to begin with – as it assumes
> that the sender and receiver will support the same hash functions.
>
> Option 2) seems to be what Cullen also suggested: as long as there is at
> least one fingerprint (calculated using a has function which the receiver
> considers secure enough) that matches the DTLS association. So, in general
> I support option 2).
>
> However, we need to keep in mind that there may be fingerprints sent for
> multiple certificates. Do we need to mandate at least one match per
> cerfificate?
>
> Regards,
>
> Christer
>
>
>
> From: mmusic <mmusic-bounces@ietf.org> on behalf of Roman Shpount <
> roman@telurix.com>
> Date: Friday 8 April 2016 at 22:14
> To: "pkyzivat@alum.mit.edu" <pkyzivat@alum.mit.edu>
> Cc: "mmusic@ietf.org" <mmusic@ietf.org>
> Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
>
> I just wanted to re-iterate the question. We have two options:
>
> 1. If m= line has multiple fingerprints with hash functions X, Y, Z, at
> least one fingerprint with each function must match DTLS association for
> the media to be accepted. For example, if m= line has two fingerprints with
> hash function SHA-1, and two with SHA-512, DTLS association certificate
> must match at least one SHA-1 and one SHA-512 fingerprint.
>
> 2. If m= line has multiple fingerprints with hash functions X, Y, Z, at
> least one fingerprint with any hash function which is considered secure
> enough must match DTLS association for the media to be accepted. For
> example, if m= line has two fingerprints with hash function SHA-1, and two
> with SHA-512, DTLS association certificate must match one of either SHA-1
> or SHA-512 fingerprints.
>
> Option 1 has a benefit of being more secure since it provides the combined
> secure of individual hash functions. It does put additional restrictions
> how equipment can be combined into producing a single m= line. For instance
> if fingerprints from two servers are combined into a single m= line and it
> is not known in advance which one will be used, both servers will need to
> always support the same hash functions and be updated at the same time.
>
> Option 2 is less secure since it is only as secure as the least secure
> hash. On the other hand option 2 allows to be more flexible in how
> equipment is combined to form the single m= line. Two servers in above
> example, for instance, can support different hash functions.
>
> I would ask the group to state their preferences.
>
> I prefer option 2 but can live with option 1.
>
> Regards,
>
> _____________
> Roman Shpount
>
> On Fri, Apr 8, 2016 at 11:08 AM, Paul Kyzivat <pkyzivat@alum.mit.edu>
> wrote:
>
>> I don't have a horse in this race. I think those of you who do need to
>> finish deciding what the rules are for multiple fingerprints, and then
>> write the result into the draft update. Clearly it is ambiguous at the
>> moment.
>>
>>         Thanks,
>>         Paul
>>
>> On 4/7/16 5:37 PM, Cullen Jennings wrote:
>>
>>>
>>> On Apr 7, 2016, at 11:20 AM, Roman Shpount <roman@telurix.com
>>>> <mailto:roman@telurix.com>> wrote:
>>>>
>>>> You should check all the hashes you consider secure and if any one of
>>>> them matches the DTLS association certificate, accept the media.
>>>>
>>>
>>> +1
>>>
>>> This allows us to do things like include hash for two servers even when
>>> you re not sure which server will actually be used.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> mmusic mailing list
>>> mmusic@ietf.org
>>> https://www.ietf.org/mailman/listinfo/mmusic
>>>
>>>
>> _______________________________________________
>> mmusic mailing list
>> mmusic@ietf.org
>> https://www.ietf.org/mailman/listinfo/mmusic
>>
>
>

v2.23.0 | Report a Bug | By Email