Re: [rtcweb] Identity assertion: impact by removal or adding of fingerprints?

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 13 August 2018 07:24 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: RTCWeb IETF <rtcweb@ietf.org>
Date: Mon, 13 Aug 2018 07:23:35 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/0Ew1VAC5lq-jSKig8oQ4kO-V7Zk>

Hi,

>Unused fingerprints aren't a problem.  a=fingerprint offers multiple
>options, any of which could be used.  The a=identity attribute is no
>different.  If a fingerprint is authenticated, but not used, that's OK
>as long as the ones that are used are covered.

That may require a little re-wording, because I think the text now says
that each fingerprint that was used to create the assertion must always be
included in offers and answers.

>If a new fingerprint is added, that's OK, as long as the a=identity
>previously covered that value,

That may not be true if one, e.g., adds a new m- section with a fingerprint
that has not previously been used.

>or is amended to include the new value.

How does that work?

Regards,

Christer

>On Mon, Aug 13, 2018 at 4:30 PM Christer Holmberg
><christer.holmberg@ericsson.com> wrote:
>>
>>
>> Hi,
>>
>> One thing that came to my mind when working on the SDP Identity
>> attribute pull request.
>>
>> In WebRTC, and in the draft, we assume that the identity assertion is
>> bound to the fingerprints.
>>
>> What if fingerprints are removed, or added, during a session? Will that
>> impact the identity assertion?
>>
>> A fingerprint can be removed if it is only used for one m- section, and
>> that m- section is disabled.
>>
>> Regards,
>>
>> Christer
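
The coverage rule stated in the quoted reply (an authenticated but unused fingerprint is fine, every fingerprint in use must be covered), applied to the cases raised in this message, as an added example that is not part of the thread or the draft. The helper names, the SDP samples and the shortened digests are constructed; the shape of the validated assertion contents (`{fingerprint: [{algorithm, digest}]}`) and the rule that port 0 without `a=bundle-only` means a disabled m- section are assumptions.

```javascript
// Added example; helper names and SDP samples are constructed, digests shortened.
const key = (alg, digest) => `${alg.toLowerCase()} ${digest.toUpperCase()}`;

// Fingerprints an SDP actually uses: session-level ones plus those in
// m- sections that are not disabled. Assumption: port 0 without
// a=bundle-only means the m- section is disabled.
function usedFingerprints(sdp) {
  const sections = [{ port: null, lines: [] }]; // [0] is the session level
  for (const line of sdp.trim().split(/\r?\n/)) {
    const m = /^m=\S+ (\d+)/.exec(line);
    if (m) sections.push({ port: Number(m[1]), lines: [] });
    else sections[sections.length - 1].lines.push(line);
  }
  const used = new Set();
  for (const s of sections) {
    if (s.port === 0 && !s.lines.includes('a=bundle-only')) continue;
    for (const line of s.lines) {
      const f = /^a=fingerprint:(\S+) (\S+)/.exec(line);
      if (f) used.add(key(f[1], f[2]));
    }
  }
  return used;
}

// contents: validated assertion contents, assumed to have the shape
// {fingerprint: [{algorithm, digest}]}. Returns used-but-uncovered values.
function uncoveredFingerprints(sdp, contents) {
  const covered = new Set(
    contents.fingerprint.map((f) => key(f.algorithm, f.digest)));
  return [...usedFingerprints(sdp)].filter((fp) => !covered.has(fp));
}

const contents = { fingerprint: [
  { algorithm: 'sha-256', digest: 'AA:01' },
  { algorithm: 'sha-256', digest: 'BB:02' }, // authenticated but unused
] };
const audio = 'v=0\nm=audio 9 UDP/TLS/RTP/SAVPF 0\na=fingerprint:sha-256 AA:01\n';
// New m- section whose fingerprint the assertion never covered.
const videoNew = 'm=video 9 UDP/TLS/RTP/SAVPF 96\na=fingerprint:sha-256 CC:03\n';
// The same m- section after it has been disabled.
const videoOff = 'm=video 0 UDP/TLS/RTP/SAVPF 96\na=fingerprint:sha-256 CC:03\n';

console.log(uncoveredFingerprints(audio, contents));
console.log(uncoveredFingerprints(audio + videoNew, contents));
console.log(uncoveredFingerprints(audio + videoOff, contents));
```

A non-empty result is the case the message asks about: the offer or answer uses a fingerprint that the existing assertion does not cover.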