Re: [MMUSIC] 4572 update: forbid weak hashes?
Christer Holmberg <christer.holmberg@ericsson.com> Mon, 25 April 2016 13:38 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4378112D1BB for <mmusic@ietfa.amsl.com>; Mon, 25 Apr 2016 06:38:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gjJHkYMNCKW9 for <mmusic@ietfa.amsl.com>; Mon, 25 Apr 2016 06:38:37 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AE7312B014 for <mmusic@ietf.org>; Mon, 25 Apr 2016 06:38:36 -0700 (PDT)
X-AuditID: c1b4fb3a-f79386d00000467b-74-571e1ddaad60
Received: from ESESSHC004.ericsson.se (Unknown_Domain [153.88.183.30]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 6F.07.18043.ADD1E175; Mon, 25 Apr 2016 15:38:34 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.117]) by ESESSHC004.ericsson.se ([153.88.183.30]) with mapi id 14.03.0248.002; Mon, 25 Apr 2016 15:38:34 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Roman Shpount <roman@telurix.com>, Paul Kyzivat <pkyzivat@alum.mit.edu>
Thread-Topic: [MMUSIC] 4572 update: forbid weak hashes?
Thread-Index: AQHRkMlvyALEPXgXDkKRhXLaT8/AmJ9+gkOg///n5gCAACIUsP//4eqAgAB6NgCAASWpgIAARJyAgBqMZgA=
Date: Mon, 25 Apr 2016 13:38:34 +0000
Message-ID: <D343F764.77D5%christer.holmberg@ericsson.com>
References: <4D60EE45-BECA-4A46-98EF-FF4AA482B42E@vidyo.com> <7594FB04B1934943A5C02806D1A2204B37F27B70@ESESSMB209.ericsson.se> <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F27D6E@ESESSMB209.ericsson.se> <CAD5OKxtb4Ss8BzeBDMUs7V7Yfx3YC0U53JmhZLen1C2+FkyGog@mail.gmail.com> <4F76BA3A-A69A-473E-97DA-287E6E571324@iii.ca> <5707C985.5060809@alum.mit.edu> <CAD5OKxv57rSx1wok=d04k1gVaDz0188ijhc97XwZepdX2u9tVA@mail.gmail.com>
In-Reply-To: <CAD5OKxv57rSx1wok=d04k1gVaDz0188ijhc97XwZepdX2u9tVA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.3.160329
x-originating-ip: [153.88.183.146]
Content-Type: multipart/alternative; boundary="_000_D343F76477D5christerholmbergericssoncom_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrAIsWRmVeSWpSXmKPExsUyM2K7nO4tWblwg1NHjS2mLn/MYrFiwwFW ixkXpjI7MHv8ff+ByWPJkp9MHremFAQwR3HZpKTmZJalFunbJXBlbFm/i7lgY0TFsa1TmBoY L3t1MXJySAiYSLyf8IcRwhaTuHBvPRuILSRwhFFic1tRFyMXkL2EUeJF8yXmLkYODjYBC4nu f9ogNSIC3hJ9fR3sIGFmAXWJq4uDQMLCAmYSn673sUGUmEv8bGhkgbCTJM492gkWZxFQlfj+ 7j6YzStgJXHi011WiFWvmSWurnsGluAUCJSYvK8N7DZGoNu+n1rDBGIzC4hL3HoynwniZgGJ JXvOM0PYohIvH/9jBbFFBfQk9r04D/WXksSPDZdYIHrjJe7v3soKsVhQ4uTMJywTGMVmIRk7 C0nZLCRlEHEDiffn5jND2NoSyxa+hrL1JTZ+OcsIYVtLNHy7zISsZgEjxypG0eLU4uLcdCMj vdSizOTi4vw8vbzUkk2MwHg9uOW31Q7Gg88dDzEKcDAq8fAu4JQNF2JNLCuuzD3EKMHBrCTC u0BGLlyINyWxsiq1KD++qDQntfgQozQHi5I4b07kvzAhgfTEktTs1NSC1CKYLBMHp1QDo8Id VZPWTR+F/npErbl0l6MhaV7SIh7r3Wkcn66kH1+bF/jN5agwV6bt1V3pbyMX2q0OCTq0vLE2 81lpwt/4dNZpc1y84t9ciWkLvVLVFrCHQY79y7fH+p1Ptqr/e3nx5aIfWp02Kya+f3M4MPM2 283WnmdCk5eI5V9l5zPM8ztwsf9MQ034FCWW4oxEQy3mouJEAL76uhXTAgAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/eAA5d-KBzxsdC2p2Lv9s2SGcg6A>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Apr 2016 13:38:39 -0000
Hi,
I think option 1) does not support hash agility – which is one of the main reason from sending multiple fingerprints to begin with – as it assumes that the sender and receiver will support the same hash functions.
Option 2) seems to be what Cullen also suggested: as long as there is at least one fingerprint (calculated using a has function which the receiver considers secure enough) that matches the DTLS association. So, in general I support option 2).
However, we need to keep in mind that there may be fingerprints sent for multiple certificates. Do we need to mandate at least one match per cerfificate?
Regards,
Christer
From: mmusic <mmusic-bounces@ietf.org<mailto:mmusic-bounces@ietf.org>> on behalf of Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>>
Date: Friday 8 April 2016 at 22:14
To: "pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu>" <pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu>>
Cc: "mmusic@ietf.org<mailto:mmusic@ietf.org>" <mmusic@ietf.org<mailto:mmusic@ietf.org>>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
I just wanted to re-iterate the question. We have two options:
1. If m= line has multiple fingerprints with hash functions X, Y, Z, at least one fingerprint with each function must match DTLS association for the media to be accepted. For example, if m= line has two fingerprints with hash function SHA-1, and two with SHA-512, DTLS association certificate must match at least one SHA-1 and one SHA-512 fingerprint.
2. If m= line has multiple fingerprints with hash functions X, Y, Z, at least one fingerprint with any hash function which is considered secure enough must match DTLS association for the media to be accepted. For example, if m= line has two fingerprints with hash function SHA-1, and two with SHA-512, DTLS association certificate must match one of either SHA-1 or SHA-512 fingerprints.
Option 1 has a benefit of being more secure since it provides the combined secure of individual hash functions. It does put additional restrictions how equipment can be combined into producing a single m= line. For instance if fingerprints from two servers are combined into a single m= line and it is not known in advance which one will be used, both servers will need to always support the same hash functions and be updated at the same time.
Option 2 is less secure since it is only as secure as the least secure hash. On the other hand option 2 allows to be more flexible in how equipment is combined to form the single m= line. Two servers in above example, for instance, can support different hash functions.
I would ask the group to state their preferences.
I prefer option 2 but can live with option 1.
Regards,
_____________
Roman Shpount
On Fri, Apr 8, 2016 at 11:08 AM, Paul Kyzivat <pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu>> wrote:
I don't have a horse in this race. I think those of you who do need to finish deciding what the rules are for multiple fingerprints, and then write the result into the draft update. Clearly it is ambiguous at the moment.
Thanks,
Paul
On 4/7/16 5:37 PM, Cullen Jennings wrote:
On Apr 7, 2016, at 11:20 AM, Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>
<mailto:roman@telurix.com<mailto:roman@telurix.com>>> wrote:
You should check all the hashes you consider secure and if any one of
them matches the DTLS association certificate, accept the media.
+1
This allows us to do things like include hash for two servers even when
you re not sure which server will actually be used.
_______________________________________________
mmusic mailing list
mmusic@ietf.org<mailto:mmusic@ietf.org>
https://www.ietf.org/mailman/listinfo/mmusic
_______________________________________________
mmusic mailing list
mmusic@ietf.org<mailto:mmusic@ietf.org>
https://www.ietf.org/mailman/listinfo/mmusic
- [MMUSIC] 4572 update: forbid weak hashes? Jonathan Lennox
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Jonathan Lennox
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Martin Thomson
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Dale R. Worley
- Re: [MMUSIC] 4572 update: forbid weak hashes? Paul Kyzivat
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Paul Kyzivat
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Martin Thomson
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Martin Thomson
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Martin Thomson
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Cullen Jennings
- Re: [MMUSIC] 4572 update: forbid weak hashes? Paul Kyzivat
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Paul Kyzivat
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Paul Kyzivat
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount