Re: [MMUSIC] Alissa Cooper's No Objection on draft-ietf-mmusic-4572-update-12: (with COMMENT)
Roman Shpount <roman@telurix.com> Thu, 02 February 2017 17:48 UTC
Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7474D1294CA for <mmusic@ietfa.amsl.com>; Thu, 2 Feb 2017 09:48:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PurUUm_5svFc for <mmusic@ietfa.amsl.com>; Thu, 2 Feb 2017 09:48:03 -0800 (PST)
Received: from mail-qt0-x22f.google.com (mail-qt0-x22f.google.com [IPv6:2607:f8b0:400d:c0d::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FD96129485 for <mmusic@ietf.org>; Thu, 2 Feb 2017 09:48:03 -0800 (PST)
Received: by mail-qt0-x22f.google.com with SMTP id x49so42580258qtc.2 for <mmusic@ietf.org>; Thu, 02 Feb 2017 09:48:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=dtJVdkm+V0RoZir4KM0e1bdrj/w0h2NZYmOCtDwX+Uw=; b=sExu4xXL04UlksdlRn5HnWvh6faxUC5vpqBYZx1eq5xk+VPIdwontLntkiaCHniPms Z9xfl8bdcpvzO/xR26ndvTb9WeFumfSbVo0dx4d9XQneB7Sywf5wOaV1JqW88IyB/aYt Xa29zr30zW/fEyf2YrNWV+UN2O2q6URcyT74lMIS9983lcnAf3dl9pPhtouqV6LQbUNu Zk9cTzB2q67Jpogh+yCPA9TfOUnKpsnFZfgNeOG5TcUmGdQ+LDR1MPLzkmU3dAT2mo9i zywl8eCSBIbmLgSvbC6bqn/aAqN+DP2SNVwmzoHgkZXpHEMfd+PSmOadW2HMBHzWvg70 pHIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=dtJVdkm+V0RoZir4KM0e1bdrj/w0h2NZYmOCtDwX+Uw=; b=bchkXp+zxDmV/d45VAb/sm8EdcHoGYaLC6vzljcezXOf4oaw4EnvDBYEqkwBSkYVlI FcHDHKX4EKY9Mz00QlHywSB2xhPQ2smWFc3Cy9mjLYLcKyijdAB9AwrgpkzTRr/X/4Yt /FKWdwvgi/jP6iN1vu6S3iKEjrDxgOfeIyLeE3guYC3UZb/1dboyOPWEza7c04D2pUhO LSkhFZ4LJICBasmCe1tKRWX3DMKeNA99x6Q09osxdBXEo8AuK/EyjCIopah74xnP2h2I R8cJPUT5mZ5tzEjT3Vn9EQdQ5TMPqDV9pW8Oh8KOrbjNhcHqeC2GFSQYgoWih7uEJ/Ms W6fg==
X-Gm-Message-State: AIkVDXLFZ436j2+S+O6RZx64k5EFA3SUHJwHyjPGc3KksXQirI017NWPcyIFPJpJeAh6Ag==
X-Received: by 10.55.214.207 with SMTP id p76mr9156648qkl.241.1486057682008; Thu, 02 Feb 2017 09:48:02 -0800 (PST)
Received: from mail-qt0-f172.google.com (mail-qt0-f172.google.com. [209.85.216.172]) by smtp.gmail.com with ESMTPSA id 23sm22058421qtp.20.2017.02.02.09.48.01 for <mmusic@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Feb 2017 09:48:01 -0800 (PST)
Received: by mail-qt0-f172.google.com with SMTP id v23so42919099qtb.0 for <mmusic@ietf.org>; Thu, 02 Feb 2017 09:48:01 -0800 (PST)
X-Received: by 10.237.50.101 with SMTP id y92mr9907907qtd.179.1486057681179; Thu, 02 Feb 2017 09:48:01 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.131.66 with HTTP; Thu, 2 Feb 2017 09:48:00 -0800 (PST)
In-Reply-To: <87100955-2655-90fe-70db-aaf0182a2224@comcast.net>
References: <148597343438.19146.978420245557276514.idtracker@ietfa.amsl.com> <7594FB04B1934943A5C02806D1A2204B4BFD8E04@ESESSMB209.ericsson.se> <ADDF7E75-1CE6-431E-BC93-4B92760440CD@nostrum.com> <22b63f2b-5f73-bca2-09b1-6c983126d21f@comcast.net> <D4B8B9E9.17427%christer.holmberg@ericsson.com> <87100955-2655-90fe-70db-aaf0182a2224@comcast.net>
From: Roman Shpount <roman@telurix.com>
Date: Thu, 02 Feb 2017 12:48:00 -0500
X-Gmail-Original-Message-ID: <CAD5OKxv-z6h+_iJ4P1j-Zo9oGU+twgMYwDQp+DYno+oCEq3FRw@mail.gmail.com>
Message-ID: <CAD5OKxv-z6h+_iJ4P1j-Zo9oGU+twgMYwDQp+DYno+oCEq3FRw@mail.gmail.com>
To: Paul Kyzivat <paul.kyzivat@comcast.net>
Content-Type: multipart/alternative; boundary="001a114d7daa33e2d805478fc435"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/nar7dvkkxmwvpncHzhmPf3j5g2M>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [MMUSIC] Alissa Cooper's No Objection on draft-ietf-mmusic-4572-update-12: (with COMMENT)
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2017 17:48:05 -0000
On Thu, Feb 2, 2017 at 12:15 PM, Paul Kyzivat <paul.kyzivat@comcast.net> wrote: > On 2/2/17 3:28 AM, Christer Holmberg wrote: > >> Hi Paul, >> >> ---------------------------------------------------------------------- >>>>> COMMENT: >>>>> ---------------------------------------------------------------------- >>>>> >>>>> Section 5.1 says: >>>>>> >>>>>> "An endpoint MAY, in addition to its more preferred hash function, >>>>>> also verify that each certificate used matches fingerprints >>>>>> calculated using other hash functions. Unless there is a matching >>>>>> fingerprint for each tested hash function, the endpoint MUST NOT >>>>>> establish the TLS connection." >>>>>> >>>>>> This seems a little weird to me. It's up to the endpoint to decide >>>>>> whether to check for errors, and then if it >>>>>> does find an error it can't setup the connection, whereas if it just >>>>>> hadn't checked it would be able to setup >>>>>> the connection. I think it would help to explain why an endpoint >>>>>> would be motivated to check multiple fingerprints. >>>>>> >>>>> >>>>> I think the only use-case that came up was a situation where the >>>>> receiver is not sure which hash function is the "strongest", and >>>>> therefor checks multiple. However, it was also realized that with the >>>>> multiple set of hash functions such situation is very unlikely to >>>>> occur. >>>>> >>>>> So, I could add the following note: >>>>> >>>>> "NOTE: An endpoint might choose to match each used certificate against >>>>> fingerprints calculated using multiple >>>>> hash functions e.g, if the endpoint is unsure which hash function is >>>>> the strongest." >>>>> >>>> >>>> In retrospect, I have to question that motivation. Is it that hard to >>>> figure out? It seems like if you have two hash functions that are >>>> reasonably equal, an implementation could just pick one. >>>> >>>> >>>>> ...or we could simply delete the text. I personally would go for that, >>>>> but in case others want to keep it I have no problem with that. >>>>> >>>> >>>> Given that this has caused confusion at every step, I support removing >>>> the text. >>>> >>> >>> ISTM that the main point here is: *if* the recipient happens to check >>> more than one hash, a failure of any one of them is to be considered an >>> overall failure, rather than a success of one and a failure of another >>> being considered a success. >>> >> >> The question was WHY an endpoint would check more than one hash function >> to begin with, and the only reason we have came up with is if the endpoint >> doesn¹t ³know" which is the strongest hash - which sounds a little weird. >> > > I don't see why we need to know why. Maybe they intend to try them all, > just for completeness. > > But if there is ever a question about the validity of an implementation, I > don't want to be arguing with somebody who says: > > "I tried them all, and several failed but one succeeded so I decided it > must be ok." > What we are trying to say is: There MUST be a fingerprint matching the used certificate for each hash algorithm present. End point SHOULD pick a set of one or more preferred hash functions that should be checked to satisfy end point's security requirements. Unless there is a matching fingerprint for each tested hash function, the endpoint MUST NOT establish the TLS connection. It is recommended that a single matching SHA-256 fingerprint should be sufficient to verify the certificate. Think of this as personal ID. You need one photo ID to get on the plain, but bank will ask for two forms of ID before giving you money. _____________ Roman Shpount
- [MMUSIC] Alissa Cooper's No Objection on draft-ie… Alissa Cooper
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Christer Holmberg
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Alissa Cooper
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Christer Holmberg
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Ben Campbell
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Roman Shpount
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Paul Kyzivat
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Christer Holmberg
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Christer Holmberg
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Christer Holmberg
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Paul Kyzivat
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Roman Shpount
- Re: [MMUSIC] Alissa Cooper's No Objection on draf… Ben Campbell