[rtcweb] JSEP fingerprint hash requirements

Kevin Dempsey <kevindempsey70@gmail.com> Thu, 17 October 2013 08:37 UTC


The JSEP draft says that the fingerprint is REQUIRED to use sha-256 and
additional fingerprints using 'stronger' hashes can be included. However,
RFC 4572 says that the fingerprint hash must match the certificate's
signature algorithm. Recent chrome canary builds have stopped using sha-256
and use sha-1 as that matches their certificate's signature algorithm.

So:
1) does the fingerprint hash need to match the certificate?
2) do webrtc compatible endpoints need to handle hashes 'weaker' than
sha-256?
3) are there any rules for handling multiple fingerprints?

Regards,
Kevin
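The check an answering endpoint makes when it compares the a=fingerprint lines carried in SDP against the DTLS certificate the peer actually presents, as an added example that is not code from this post or from any WebRTC implementation. The minimum-strength policy, the strength ranking and the certificate bytes are assumptions constructed for the example; the fingerprint format itself (colon-separated uppercase hex of a hash over the DER certificate) is the RFC 4572 one.

```python
import hashlib
import hmac
import re

# a=fingerprint hash names from RFC 4572 mapped to hashlib constructors (subset used here)
HASH_FUNCS = {"sha-1": hashlib.sha1, "sha-256": hashlib.sha256,
              "sha-384": hashlib.sha384, "sha-512": hashlib.sha512}
# Relative strength ranking: a policy assumption made for this example, not taken from JSEP
STRENGTH = {"sha-1": 1, "sha-256": 2, "sha-384": 3, "sha-512": 4}
FP_RE = re.compile(r"^a=fingerprint:([A-Za-z0-9-]+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$")

def fingerprint(cert_der: bytes, alg: str) -> str:
    """Fingerprint of a DER certificate in RFC 4572 form: uppercase hex, colon-separated."""
    return ":".join(f"{b:02X}" for b in HASH_FUNCS[alg](cert_der).digest())

def fingerprint_lines(cert_der: bytes, algs) -> str:
    """One a=fingerprint line per algorithm, as an offerer advertises its DTLS certificate."""
    return "".join(f"a=fingerprint:{alg} {fingerprint(cert_der, alg)}\r\n" for alg in algs)

def parse_fingerprints(sdp: str) -> list:
    """[(alg, hex)] for every well-formed a=fingerprint line; malformed lines are ignored."""
    found = []
    for line in sdp.splitlines():
        m = FP_RE.match(line.strip())
        if m:
            found.append((m.group(1).lower(), m.group(2).upper()))
    return found

def verify_peer_cert(sdp: str, cert_der: bytes, min_alg: str = "sha-256") -> tuple:
    """(ok, reason). ok iff some advertised fingerprint uses a hash at least as strong
    as min_alg AND matches the DTLS certificate the peer actually presented. Weaker or
    unknown hashes are skipped, never trusted, so an offer carrying both a sha-1 and a
    matching sha-256 line passes on the sha-256 line alone (the multiple-fingerprint case)."""
    fps = parse_fingerprints(sdp)
    if not fps:
        return False, "no a=fingerprint line in SDP"
    for alg, hexfp in fps:
        if alg not in HASH_FUNCS or STRENGTH[alg] < STRENGTH[min_alg]:
            continue
        if hmac.compare_digest(fingerprint(cert_der, alg), hexfp):
            return True, f"matched {alg}"
    return False, "no fingerprint of acceptable strength matched the presented certificate"

# Constructed stand-in for a peer's DER certificate bytes (not a real X.509 certificate)
PEER_CERT_DER = b"\x30\x82\x01\x00constructed-certificate-bytes-for-this-example"
OFFER = "v=0\r\n" + fingerprint_lines(PEER_CERT_DER, ["sha-1", "sha-256"])
SHA1_ONLY_OFFER = "v=0\r\n" + fingerprint_lines(PEER_CERT_DER, ["sha-1"])
```

With the default policy the two-line offer is accepted on its sha-256 line, while an offer carrying only sha-1 is rejected unless the caller lowers min_alg to "sha-1".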