IETF Logo Mail Archive

Re: [MMUSIC] 4572 update: forbid weak hashes?

Paul Kyzivat <pkyzivat@alum.mit.edu> Fri, 08 April 2016 15:09 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CBE712D93B for <mmusic@ietfa.amsl.com>; Fri, 8 Apr 2016 08:09:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cU6uR9Uaz8uF for <mmusic@ietfa.amsl.com>; Fri, 8 Apr 2016 08:08:59 -0700 (PDT)
Received: from resqmta-ch2-07v.sys.comcast.net (resqmta-ch2-07v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AAC012D943 for <mmusic@ietf.org>; Fri, 8 Apr 2016 08:08:57 -0700 (PDT)
Received: from resomta-ch2-16v.sys.comcast.net ([69.252.207.112]) by comcast with SMTP id oY1FaJ7Crp1BeoY1mamsi9; Fri, 08 Apr 2016 15:08:54 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1460128134; bh=Ldm5eANuiX4GFIRlQgAu3YZe1KB1dhvF0o9xFoie46c=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=MnJhbFkFunzGJG/6vi/R2/1ej5gfH/2aN+7kKVoO3bgTELHc0m87ifwhmlZUHTx3r /F8+1sq5gJh4kUxelV9mPa/0xAr8pH/i8UMsSe8JQAmPkjRyc1n1SUm504CL9GxJQN YurD5J9V/b1Ks/QhdXQoBN6jd6MF1UYHrosoI1DPWNrvSLzjiZRaEuwwaMc8Y/HXl0 VkQUWIjL70YraHeoBzJLVrE+PYdFcgHXyCUJxfptA4UPaO+BrzCtRRxxvX98SaaCAv P4j8F6+MlEGEBXHk18aaS0fJ3YnrL4563X+qI+v2sSm/AzE2k0gWbZk1L5X4FHdk+h 4yFULQjE7Scqg==
Received: from Paul-Kyzivats-MacBook-Pro.local ([73.218.51.154]) by resomta-ch2-16v.sys.comcast.net with comcast id fr8t1s00K3KdFy101r8tbM; Fri, 08 Apr 2016 15:08:54 +0000
To: mmusic@ietf.org
References: <4D60EE45-BECA-4A46-98EF-FF4AA482B42E@vidyo.com> <7594FB04B1934943A5C02806D1A2204B37F27B70@ESESSMB209.ericsson.se> <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F27D6E@ESESSMB209.ericsson.se> <CAD5OKxtb4Ss8BzeBDMUs7V7Yfx3YC0U53JmhZLen1C2+FkyGog@mail.gmail.com> <4F76BA3A-A69A-473E-97DA-287E6E571324@iii.ca>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <5707C985.5060809@alum.mit.edu>
Date: Fri, 08 Apr 2016 11:08:53 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.7.1
MIME-Version: 1.0
In-Reply-To: <4F76BA3A-A69A-473E-97DA-287E6E571324@iii.ca>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/m-I-ACIBuuc_JqiQuFGCABWlU6M>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Apr 2016 15:09:00 -0000

I don't have a horse in this race. I think those of you who do need to 
finish deciding what the rules are for multiple fingerprints, and then 
write the result into the draft update. Clearly it is ambiguous at the 
moment.

	Thanks,
	Paul

On 4/7/16 5:37 PM, Cullen Jennings wrote:
>
>> On Apr 7, 2016, at 11:20 AM, Roman Shpount <roman@telurix.com
>> <mailto:roman@telurix.com>> wrote:
>>
>> You should check all the hashes you consider secure and if any one of
>> them matches the DTLS association certificate, accept the media.
>
> +1
>
> This allows us to do things like include hash for two servers even when
> you re not sure which server will actually be used.
>
>
>
>
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org
> https://www.ietf.org/mailman/listinfo/mmusic
>

v2.23.0 | Report a Bug | By Email