IETF Logo Mail Archive

Re: [MMUSIC] 4572 update: forbid weak hashes?

Paul Kyzivat <pkyzivat@alum.mit.edu> Thu, 07 April 2016 19:27 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA71812D1C0 for <mmusic@ietfa.amsl.com>; Thu, 7 Apr 2016 12:27:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RaMWxprsK6oj for <mmusic@ietfa.amsl.com>; Thu, 7 Apr 2016 12:27:23 -0700 (PDT)
Received: from resqmta-po-12v.sys.comcast.net (resqmta-po-12v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:171]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45F0312D1F0 for <mmusic@ietf.org>; Thu, 7 Apr 2016 12:27:23 -0700 (PDT)
Received: from resomta-po-10v.sys.comcast.net ([96.114.154.234]) by comcast with SMTP id oFZza4D1bsK9moFaMaa3aA; Thu, 07 Apr 2016 19:27:22 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1460057242; bh=PHYKqy5/YK9Ow5FigO+OvU84Om4N2Wa3+BpBYXnNsaU=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=vKGYgtAcaaKZo0i3pOubavhl8G4yd1TZuoMFbsU+/xWK5bvayndEmYDj53PMrSKB1 b26ajxDqs84S/woJioiLRaCCYtF07al1p8TPJoRswnh4UsSxb9yWz+CTl93kUPjO3I uxhz+k0IVolUZMHVAC/R4YfCXCc3kzDkFtPI26p0Oz6lXBUq5g1jtuKU6ondBK2934 jGh9Tq85kuAYyTjFJJFq7SS3erXPIpK+I+/1zRM6rmdIc5hL/N6+cczZ1GIuS3vQGs OetpgIHj/Aere4SO1omvYBOAv087mjOBvlRnsyV7q+5DdVl4l2XKeiFK3VBPD3GWv+ dANKJ8BJGrCKQ==
Received: from Paul-Kyzivats-MacBook-Pro.local ([73.218.51.154]) by resomta-po-10v.sys.comcast.net with comcast id fXTN1s0013KdFy101XTNEy; Thu, 07 Apr 2016 19:27:22 +0000
To: Roman Shpount <roman@telurix.com>
References: <4D60EE45-BECA-4A46-98EF-FF4AA482B42E@vidyo.com> <7594FB04B1934943A5C02806D1A2204B37F27B70@ESESSMB209.ericsson.se> <CABkgnnU0qwkUGLv4rkax3hbat9Fb6kXDH9TKZv3MukepN7PkmQ@mail.gmail.com> <57067AFE.9070704@alum.mit.edu> <CAD5OKxtX9HLWJJgKsG7hNJbRB1muS+fe8Pnnm=g4+=ryPyMN+A@mail.gmail.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <5706B499.9030209@alum.mit.edu>
Date: Thu, 07 Apr 2016 15:27:21 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.7.1
MIME-Version: 1.0
In-Reply-To: <CAD5OKxtX9HLWJJgKsG7hNJbRB1muS+fe8Pnnm=g4+=ryPyMN+A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/oZzNHFLUz5N08ySUc1rgNBlbIgQ>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] 4572 update: forbid weak hashes?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 19:27:24 -0000

On 4/7/16 3:08 PM, Roman Shpount wrote:
> On Thu, Apr 7, 2016 at 11:21 AM, Paul Kyzivat <pkyzivat@alum.mit.edu
> <mailto:pkyzivat@alum.mit.edu>> wrote:
>
>     If you check the strongest hash you can and it succeeds, then what
>     is the point of checking any others?
>
>
> If you check any hash that you consider secure and it succeeds, you do
> not need to check any others. There is no difference if it is the
> strongest or just the hash that is strong enough.

>     The one check should be sufficient if there is only one stream. It
>     is a bit more complex if there are multiple streams (e.g., RTP and
>     RTCP).
>
>     How about:
>
>     1) implement as many as you can of hashes you consider strong enough.
>
>     2) for all the streams you are originating:
>         include fingerprints using all the hashes you support.
>         (Or is it ok to include fewer?)
>
> It might be ok to include fewer but I cannot think of a single reason
> why you would do this.
>
>     3) for streams you are receiving:
>
>     3.1) discard any fingerprints using hashes you don't support,
>           and any that you consider too weak to be trusted.
>
>     3.2) sort the remaining fingerprints, strongest hashes first.
>
> There is no reason to sort. This will not make hash check any more
> secure. If a hash you consider secure is compromised you will just get
> false positive slightly later. There is probably a reason to sort hashes
> based on the amount of resources it will take for you to check them,
> with easiest to check first  in order to optimize the hash checking
> process. This will likely sort the hashes weakest first.

If everybody did this, and the easiest to check one is compromised, and 
used by a MiTH to inject a bogus cert that matches that nobody might 
notice. Isn't that undesirable?

	Thanks,
	Paul

>     3.3) for each stream, check fingerprints from the list in order
>           until you find one that matches.
>           Reject the session if none match.
>
>
> Once again, if any match accept the session. If none match, reject.
> Checking order does not matter and will not affect overall security.
>
> Regards,
> _____________
> Roman Shpount

v2.23.0 | Report a Bug | By Email