IETF Logo Mail Archive

Re: [MMUSIC] 4572 update: forbid weak hashes?

Paul Kyzivat <pkyzivat@alum.mit.edu> Mon, 25 April 2016 19:56 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E3E112B034 for <mmusic@ietfa.amsl.com>; Mon, 25 Apr 2016 12:56:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eOTr8eAcf1m9 for <mmusic@ietfa.amsl.com>; Mon, 25 Apr 2016 12:56:21 -0700 (PDT)
Received: from resqmta-po-03v.sys.comcast.net (resqmta-po-03v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48A1D12B015 for <mmusic@ietf.org>; Mon, 25 Apr 2016 12:56:21 -0700 (PDT)
Received: from resomta-po-09v.sys.comcast.net ([96.114.154.233]) by comcast with SMTP id umabasYF1YPZXumcGaGZ2V; Mon, 25 Apr 2016 19:56:20 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1461614180; bh=T800Q0NjHHGuQXvn+Pt1hTA4fQ9Y0hg88GoIZIpOYrg=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=JzTw9jBx+Qb1uwZo6Rng1J2EZV855Ox11eo5sScWJVNJ2klR1bhjJW+xPP3JHYfqv 0VaAf+31uBE9QO7+Lb9ixyS8O3gqWOk2lx+e//9NPuUi2Q86OMvCpK3uNpVYVI7fri iak6Kr4vxL2o8gyzV6it27iGujFoQ1TqGM6btiyHMCJm3SUlPSiKWA+nvVQuclhXUk aqxZAjMXdBpEoi0LidHhbJwzCswdvPo26MmU7bKkSdC8ypWriolqxnhUL3H6YnvGdW 0UoP19WIznOupvOJIhj76qEDRATeOftw/hnpE28R397r3I6O82S5iHESPpeH6jwVSO AtcungFRL6beg==
Received: from Paul-Kyzivats-MacBook-Pro.local ([73.218.51.154]) by resomta-po-09v.sys.comcast.net with comcast id mjwK1s00o3KdFy101jwKqe; Mon, 25 Apr 2016 19:56:20 +0000
To: Christer Holmberg <christer.holmberg@ericsson.com>, Roman Shpount <roman@telurix.com>
References: <4D60EE45-BECA-4A46-98EF-FF4AA482B42E@vidyo.com> <7594FB04B1934943A5C02806D1A2204B37F27B70@ESESSMB209.ericsson.se> <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F27D6E@ESESSMB209.ericsson.se> <CAD5OKxtb4Ss8BzeBDMUs7V7Yfx3YC0U53JmhZLen1C2+FkyGog@mail.gmail.com> <4F76BA3A-A69A-473E-97DA-287E6E571324@iii.ca> <5707C985.5060809@alum.mit.edu> <CAD5OKxv57rSx1wok=d04k1gVaDz0188ijhc97XwZepdX2u9tVA@mail.gmail.com> <D343F764.77D5%christer.holmberg@ericsson.com> <CAD5OKxtMVNTSnyACRmA6NUEtAam0Xc=-cRD_2BCQjfH6Kekhjw@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F7CD82@ESESSMB209.ericsson.se> <CAD5OKxuh0CQDA=jNt1nSQ03mQKuD3-V09KOT-rEgEakRBP1Ckw@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F7CF63@ESESSMB209.ericsson.se>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <07073395-7f19-0a3b-b39b-38e1db51c391@alum.mit.edu>
Date: Mon, 25 Apr 2016 15:56:19 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B37F7CF63@ESESSMB209.ericsson.se>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/faKipNijTwHnPDmeilgnU-asYAY>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Apr 2016 19:56:22 -0000

On 4/25/16 3:26 PM, Christer Holmberg wrote:
> So, does anyone object to the proposal: no matter how many certificates
> (and associated fingerprints) the SDP contains, as long as there is
> **one** hash (that the receiver supports and consider secure enough)
> matches the certificate, things are good.

The possibility that the fingerprints might cover multiple certs, for 
multiple connections, messes things up.

IIUC, *if* there is only one connection to be protected then all the 
fingerprints must be fingerprints of the cert for that one. And in that 
case if you check one and it fails to match then there is indeed an 
error, even if another one matches.

Should it be acceptable to consider this case a failure? Or is this too 
complicated?

One possibility would be to state that the minimum check, that MUST be 
applied, is that at least one fingerprint MUST match every cert covered 
by the SDP, and that an optional check (MAY be applied) is that *each* 
fingerprint match one of the certs covered by the SDP. (The optional 
check is something that a formal tester/verifier might perform.) It 
would be a requirement that the sender ensure that the harder test 
succeed if the recipient applies it.

I can live with just the minimum being stated.

	Thanks,
	Paul

> (I agree that is also the best (only?) solution from a backward
> compatibility perspective)
>
>
>
> Regards,
>
>
>
> Christer
>
>
>
> *From:*Roman Shpount [mailto:roman@telurix.com]
> *Sent:* 25 April 2016 22:19
> *To:* Christer Holmberg <christer.holmberg@ericsson.com>
> *Cc:* Paul Kyzivat <pkyzivat@alum.mit.edu>; mmusic@ietf.org
> *Subject:* Re: [MMUSIC] 4572 update: forbid weak hashes?
>
>
>
> On Mon, Apr 25, 2016 at 2:37 PM, Christer Holmberg
> <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>>
> wrote:
>
>     >There is no indication what fingerprint applies to what certificate
>     in SDP fingerprint attribute. >The rule should be if connection is
>     established a certificate which matches at least one hash >that you
>     consider secure, the connection should be accepted. If you would
>     make it more >complicated, this will likely break backwards interop
>     or would require changes to >fingerprint/DTLS/certificates.
>
>
>
>     I don’t want to make things complicated – I want to agree on
>     something, update the draft based on that, and go WGLC :)
>
>
>
>
>
> I agree with trying to keep things simple. This means agreeing to
> something that is secure enough (one match for anything you consider
> secure is enough) vs trying to create something that is more secure (one
> fingerprint for each offered fingerprint hash algorithm must match).
>
>
>
> Regards,
>
> _____________
> Roman Shpount
>
>
>

v2.23.0 | Report a Bug | By Email