[rtcweb] draft-ietf-rtcweb-security-arch Section 5.5: mandatory-to-implement certificate algorithms
Bernard Aboba <bernard.aboba@gmail.com> Sun, 18 June 2017 01:57 UTC
Return-Path: <bernard.aboba@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F359120454 for <rtcweb@ietfa.amsl.com>; Sat, 17 Jun 2017 18:57:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IOLTullrawYH for <rtcweb@ietfa.amsl.com>; Sat, 17 Jun 2017 18:57:30 -0700 (PDT)
Received: from mail-vk0-x22f.google.com (mail-vk0-x22f.google.com [IPv6:2607:f8b0:400c:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80EDE1201F2 for <rtcweb@ietf.org>; Sat, 17 Jun 2017 18:57:30 -0700 (PDT)
Received: by mail-vk0-x22f.google.com with SMTP id g66so37599174vki.1 for <rtcweb@ietf.org>; Sat, 17 Jun 2017 18:57:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=egUst2U6HKgztfW1qQ+McsxC38wdksSkVdAx57QTx8E=; b=RMzsheFZyoHJ5HS7WqCA9dKdkyqXlY32APIkGzmukdieKl2ZvtAl2BeCQ1T7ENwy8i AgJQl07w51ojlN5sVqSBBIuSIBPlxVR3dbuYseHxW3OENRBCwLx8zWFNC76sPTo6NQoN EpXAYZMTgdVCdHgSvhCoCSpaM0cfmKRcAG4RqLUBDcxPgmUCMb8H2+W1twQtJ8vnmTVe ALZaxCuPBXtmtGL/bnjPkpzCYqItv7+GC1Cw+Wm7jWBfmDENCGICKd4eZoKgJeZ7uTn0 QGCCxErfSMLgJvV0tCurZ9/9p0ntTu3vr5dgwhoq/ZMztrVYhYW6ZbQrj6t8AcChEwa8 hpJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=egUst2U6HKgztfW1qQ+McsxC38wdksSkVdAx57QTx8E=; b=OWNOm07VxJPoIKhqb9f5GyD037l6x5gae+aaGuGAXELqmD4q+rTNruMsuv8YVXIua/ p2bybJjylGYrIdwUKNhM2F7PzX5AXoCNApM28pL1l0SyGK8ATckp8n00n3tj65++cts8 E7t6C/d1q8G1lIUdnmUeHEGrR3LYcRw6+iFjWPnhYtvzIJTRnqO479LNhu5D7Ne962u/ nKDxiwlFo1jLcEZx6/sjPZlUQ+X6K1fxy8gL7rgbSqxv1KgmHuLj4ZF/A8FrFHnACNnN 5PNSFK4BdDSSZqVoa3Rbzp8/foN8vFc4cJ3VCIu0GcZM89eg1zpn8+/Hkb/E9L33r/IP avRg==
X-Gm-Message-State: AKS2vOwnr1AHO/ifxWxoIEk3UvfOPTjWcdMHjk/SeD96njtqjhR4gaDW s877KU7EBTlFn6rmBSQhEyEK+40aQM1CHCE=
X-Received: by 10.31.173.134 with SMTP id w128mr9705893vke.125.1497751049371; Sat, 17 Jun 2017 18:57:29 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.159.52.218 with HTTP; Sat, 17 Jun 2017 18:57:09 -0700 (PDT)
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Sat, 17 Jun 2017 18:57:09 -0700
Message-ID: <CAOW+2ds=-mrC5+j4XG71ox7ACtUCBGQQTEKhqFfa2ZByUjvuUA@mail.gmail.com>
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Cc: "fluffy@cisco.com" <fluffy@cisco.com>, Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
Content-Type: multipart/alternative; boundary="001a1143f0ce4286a40552325708"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/-rM7NIEv99hLzLzb6yUXI8epRIs>
Subject: [rtcweb] draft-ietf-rtcweb-security-arch Section 5.5: mandatory-to-implement certificate algorithms
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Jun 2017 01:57:33 -0000
Currently, draft-ietf-rtcweb-security-arch Section 5.5 specifies mandatory-to-implement (D)TLS ciphersuites. However, it does not specify the mandatory-to-implement certificate algorithms. Issue https://github.com/w3c/webrtc-pc/issues/1258 has been filed against the WebRTC 1.0 specification Section 4.10, which states: The following values must be supported by a user agent <https://rawgit.com/w3c/webrtc-pc/master/webrtc.html#dfn-user-agent>: { name: "RSASSA-PKCS1-v1_5 <https://w3c.github.io/webcrypto/Overview.html#rsassa-pkcs1>", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" }, and { name: "ECDSA <https://w3c.github.io/webcrypto/Overview.html#ecdsa>", namedCurve: "P-256 <https://w3c.github.io/webcrypto/Overview.html#dfn-NamedCurve>" }. NOTE It is expected that a user agent <https://rawgit.com/w3c/webrtc-pc/master/webrtc.html#dfn-user-agent> will have a small or even fixed set of values that it will accept. Can this text (or some suitable replacement) be added to draft-ietf-rtcweb-security-arch? Bernard Aboba On behalf of the W3C WEBRTC WG
- [rtcweb] draft-ietf-rtcweb-security-arch Section … Bernard Aboba