Re: [MMUSIC] 4572 update: forbid weak hashes?
Paul Kyzivat <pkyzivat@alum.mit.edu> Fri, 08 April 2016 15:09 UTC
Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CBE712D93B for <mmusic@ietfa.amsl.com>; Fri, 8 Apr 2016 08:09:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cU6uR9Uaz8uF for <mmusic@ietfa.amsl.com>; Fri, 8 Apr 2016 08:08:59 -0700 (PDT)
Received: from resqmta-ch2-07v.sys.comcast.net (resqmta-ch2-07v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AAC012D943 for <mmusic@ietf.org>; Fri, 8 Apr 2016 08:08:57 -0700 (PDT)
Received: from resomta-ch2-16v.sys.comcast.net ([69.252.207.112]) by comcast with SMTP id oY1FaJ7Crp1BeoY1mamsi9; Fri, 08 Apr 2016 15:08:54 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1460128134; bh=Ldm5eANuiX4GFIRlQgAu3YZe1KB1dhvF0o9xFoie46c=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=MnJhbFkFunzGJG/6vi/R2/1ej5gfH/2aN+7kKVoO3bgTELHc0m87ifwhmlZUHTx3r /F8+1sq5gJh4kUxelV9mPa/0xAr8pH/i8UMsSe8JQAmPkjRyc1n1SUm504CL9GxJQN YurD5J9V/b1Ks/QhdXQoBN6jd6MF1UYHrosoI1DPWNrvSLzjiZRaEuwwaMc8Y/HXl0 VkQUWIjL70YraHeoBzJLVrE+PYdFcgHXyCUJxfptA4UPaO+BrzCtRRxxvX98SaaCAv P4j8F6+MlEGEBXHk18aaS0fJ3YnrL4563X+qI+v2sSm/AzE2k0gWbZk1L5X4FHdk+h 4yFULQjE7Scqg==
Received: from Paul-Kyzivats-MacBook-Pro.local ([73.218.51.154]) by resomta-ch2-16v.sys.comcast.net with comcast id fr8t1s00K3KdFy101r8tbM; Fri, 08 Apr 2016 15:08:54 +0000
To: mmusic@ietf.org
References: <4D60EE45-BECA-4A46-98EF-FF4AA482B42E@vidyo.com> <7594FB04B1934943A5C02806D1A2204B37F27B70@ESESSMB209.ericsson.se> <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B37F27D6E@ESESSMB209.ericsson.se> <CAD5OKxtb4Ss8BzeBDMUs7V7Yfx3YC0U53JmhZLen1C2+FkyGog@mail.gmail.com> <4F76BA3A-A69A-473E-97DA-287E6E571324@iii.ca>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <5707C985.5060809@alum.mit.edu>
Date: Fri, 08 Apr 2016 11:08:53 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.7.1
MIME-Version: 1.0
In-Reply-To: <4F76BA3A-A69A-473E-97DA-287E6E571324@iii.ca>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/m-I-ACIBuuc_JqiQuFGCABWlU6M>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Apr 2016 15:09:00 -0000
I don't have a horse in this race. I think those of you who do need to finish deciding what the rules are for multiple fingerprints, and then write the result into the draft update. Clearly it is ambiguous at the moment. Thanks, Paul On 4/7/16 5:37 PM, Cullen Jennings wrote: > >> On Apr 7, 2016, at 11:20 AM, Roman Shpount <roman@telurix.com >> <mailto:roman@telurix.com>> wrote: >> >> You should check all the hashes you consider secure and if any one of >> them matches the DTLS association certificate, accept the media. > > +1 > > This allows us to do things like include hash for two servers even when > you re not sure which server will actually be used. > > > > > _______________________________________________ > mmusic mailing list > mmusic@ietf.org > https://www.ietf.org/mailman/listinfo/mmusic >
- [MMUSIC] 4572 update: forbid weak hashes? Jonathan Lennox
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Jonathan Lennox
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Martin Thomson
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Dale R. Worley
- Re: [MMUSIC] 4572 update: forbid weak hashes? Paul Kyzivat
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Paul Kyzivat
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Martin Thomson
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Martin Thomson
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Martin Thomson
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Cullen Jennings
- Re: [MMUSIC] 4572 update: forbid weak hashes? Paul Kyzivat
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Paul Kyzivat
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount
- Re: [MMUSIC] 4572 update: forbid weak hashes? Christer Holmberg
- Re: [MMUSIC] 4572 update: forbid weak hashes? Paul Kyzivat
- Re: [MMUSIC] 4572 update: forbid weak hashes? Roman Shpount