Re: [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp regarding preferred SHA cipher?
Christer Holmberg <christer.holmberg@ericsson.com> Thu, 25 February 2016 20:02 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1813D1B33D6 for <mmusic@ietfa.amsl.com>; Thu, 25 Feb 2016 12:02:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6dMK9-uiY555 for <mmusic@ietfa.amsl.com>; Thu, 25 Feb 2016 12:01:59 -0800 (PST)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00BD31B3469 for <mmusic@ietf.org>; Thu, 25 Feb 2016 12:01:19 -0800 (PST)
X-AuditID: c1b4fb2d-f794c6d000006f31-d7-56cf5d8d767a
Received: from ESESSHC017.ericsson.se (Unknown_Domain [153.88.183.69]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 19.15.28465.D8D5FC65; Thu, 25 Feb 2016 21:01:17 +0100 (CET)
Received: from ESESSMB209.ericsson.se ([169.254.9.73]) by ESESSHC017.ericsson.se ([153.88.183.69]) with mapi id 14.03.0248.002; Thu, 25 Feb 2016 21:01:17 +0100
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Roman Shpount <roman@telurix.com>
Thread-Topic: Aligning RFC 4572 and draft-dtls-sdp regarding preferred SHA cipher?
Thread-Index: AQHRcAKbCMtOTN/OL0exiSX7tCPD3589Lb7A
Date: Thu, 25 Feb 2016 20:01:16 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B37E44499@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B37E411AC@ESESSMB209.ericsson.se> <CAD5OKxsi_i7xmK1rsEuSNBXi=wa76OY9M_r5+XaSnqV=T4=eWA@mail.gmail.com>
In-Reply-To: <CAD5OKxsi_i7xmK1rsEuSNBXi=wa76OY9M_r5+XaSnqV=T4=eWA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.149]
Content-Type: multipart/alternative; boundary="_000_7594FB04B1934943A5C02806D1A2204B37E44499ESESSMB209erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrCIsWRmVeSWpSXmKPExsUyM2K7q25v7PkwgyUNJhbXzvxjtJi6/DGL xYoNB1gtZlyYyuzA4vH3/Qcmj52z7rJ7LFnyk8nj1pSCAJYoLpuU1JzMstQifbsEroyLG9cy FnS0MVa87v7E3sC4p4mxi5GDQ0LAROLVX54uRk4gU0ziwr31bF2MXBxCAocZJXY83s0OkhAS WMwocfadA0g9m4CFRPc/bZCwiICqxN/vk5lA6pkFljBK/Nu2kAUkISwQLLFj/X1miKIQieZb T5ggbCOJW1MOs4HYLEDNc2YfYAWxeQV8Jd5+OcsKsXgKo8SMbY/BijgFAiUeLTgLZjMCXff9 1BqwQcwC4hK3nsxngrhaQGLJnvPMELaoxMvH/1ghbCWJtYe3s0DU50v8WPWcBWKZoMTJmU9Y JjCKzkIyahaSsllIymYB/cwsoCmxfpc+RImixJTuh+wQtoZE65y57MjiCxjZVzGKFqcWF+em GxnrpRZlJhcX5+fp5aWWbGIExuXBLb91dzCufu14iFGAg1GJh3fD37NhQqyJZcWVuYcYJTiY lUR4T4aeDxPiTUmsrEotyo8vKs1JLT7EKM3BoiTOu8Z5fZiQQHpiSWp2ampBahFMlomDU6qB UXgtj+7Sa12TJ1kUNVcsrDo6/d3BSWqmrR6P5Vc+/fbfK3Txehm2y3u/Tbh7XHsC6wyl1N2J f0/l9E9fUir44eYUf7+480//Hrnq2hb2pebvWp0Yjduiu5V2n7DRzG6svL5356VpZ2bFn/jb uOjCbIVePgvj42eEFNxYree06Db5hsjNrttlMkGJpTgj0VCLuag4EQCLCbeLxwIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/ahZBFO4GY4GpK_FTFJn1pk8Nc0s>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>, "pkyzivat@alum.mit.edu" <pkyzivat@alum.mit.edu>
Subject: Re: [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp regarding preferred SHA cipher?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2016 20:02:01 -0000
Hi, If we think the update to 4572 will be more than “a few sentences”, I agree we should probably have a separate draft. We are already updating two RFCs in draft-dtls-sdp, so… Regards, Christer From: Roman Shpount [mailto:roman@telurix.com] Sent: 25 February 2016 21:28 To: Christer Holmberg <christer.holmberg@ericsson.com> Cc: mmusic@ietf.org; Martin Thomson (martin.thomson@gmail.com) <martin.thomson@gmail.com>; pkyzivat@alum.mit.edu Subject: Re: Aligning RFC 4572 and draft-dtls-sdp regarding preferred SHA cipher? On Thu, Feb 25, 2016 at 4:51 AM, Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote: RFC 4572 (tls-sdp) contains the following text: “Following RFC 3279 [7] as updated by RFC 4055 [9], therefore, the defined hash functions are 'SHA-1' [11] [19], 'SHA-224' [11], 'SHA-256' [11], 'SHA-384' [11], 'SHA-512' [11], 'MD5' [12], and 'MD2' [13], with 'SHA-1' preferred.” Draft-dtls-sdp contains the following text: “Endpoints MUST support SHA-256 for generating and verifying the fingerprint value associated with the DTLS association. The use of SHA-256 is preferred.” I.e. for TLS SHA-1 is preferred, and for DTLS SHA-256 is preferred. Martin suggested (I assume) that we should update RFC 4572, to make SHA-256 preferred also for TLS. Assuming we do the update, I guess the updated 4572 text would say: “Following RFC 3279 [7] as updated by RFC 4055 [9], therefore, the defined hash functions are 'SHA-1' [11] [19], 'SHA-224' [11], 'SHA-256' [11], 'SHA-384' [11], 'SHA-512' [11], 'MD5' [12], and 'MD2' [13], with 'SHA-256' preferred.” Q1: Do people agree to updating the preferred cipher in 4572? Q3: IF(Q1) Should the update be done within draft-dtls-sdp, or should we create a separate draft/milestone for it? I think the has function preference should be updated in 4572. I would prefer a separate draft for RFC 4572 update. There are enough issues with RFC 4572, including handling of multiple fingerprints, that justify a complete rewrite of TLS SDP negotiation procedures. If it would be decided that RFC 4572 should be updated in draft-dtls-sdp (not my preference), I would prefer to extend the draft to cover SDP for DTLS and TLS, so that it obsoletes RFC 4572 instead of patching it. Regards, _____________ Roman Shpount
- [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp reg… Christer Holmberg
- Re: [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp… Roman Shpount
- Re: [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp… Christer Holmberg
- Re: [MMUSIC] Aligning RFC 4572 and draft-dtls-sdp… Cullen Jennings