IETF Logo Mail Archive

Re: [rtcweb] Which hashes are valid for the fingerprint attribute?

Alexandre GOUAILLARD <agouaillard@gmail.com> Fri, 11 July 2014 15:06 UTC

Return-Path: <agouaillard@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1B311B2911 for <rtcweb@ietfa.amsl.com>; Fri, 11 Jul 2014 08:06:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WXIFeIkvaQoF for <rtcweb@ietfa.amsl.com>; Fri, 11 Jul 2014 08:06:33 -0700 (PDT)
Received: from mail-ob0-x229.google.com (mail-ob0-x229.google.com [IPv6:2607:f8b0:4003:c01::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE8E51B2B70 for <rtcweb@ietf.org>; Fri, 11 Jul 2014 08:05:54 -0700 (PDT)
Received: by mail-ob0-f169.google.com with SMTP id nu7so1315929obb.14 for <rtcweb@ietf.org>; Fri, 11 Jul 2014 08:05:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=1ZpYyq+rwP4bnPEvs4QhorCMDf1bvfVw5Nt3Dtc/B+g=; b=uyteBHvri4CiPXFhMD/19JHJ12daX3COD3sNPJJ5p4q0FSNEFD62hX36MZLYzqyLwl hjur2NTHSownL7pvRyVksOLqrXu4ZRgBEzvirrTDwr/kc20PECstRo3jdocY2fQXBamw ulfPR7LBSsucy8nrQU49qMpaKWRZP2kZCMgVFxuaiOql40EmR25Do0ec4NvkbkTCtXr1 PMU1d+Z2gNRX3y2ottBLGB3x4B+fsKtX/ZQ1rTDD6HdcNIix1J/4ckC4UhYfuyVg53gD WnwJ3WFi50JnJ+XqauwoMB1IZZVbaASNitjioxiYwrJpCT3x6rD9U37VRvlMSgyVEo3W yx2g==
MIME-Version: 1.0
X-Received: by 10.182.245.164 with SMTP id xp4mr21498603obc.23.1405091154118; Fri, 11 Jul 2014 08:05:54 -0700 (PDT)
Received: by 10.202.208.72 with HTTP; Fri, 11 Jul 2014 08:05:54 -0700 (PDT)
In-Reply-To: <CALiegfmwrik8TMb2J=33WzR1mc+X1usq2vVBZW=u-PbX17sdaw@mail.gmail.com>
References: <CALiegfmwrik8TMb2J=33WzR1mc+X1usq2vVBZW=u-PbX17sdaw@mail.gmail.com>
Date: Fri, 11 Jul 2014 23:05:54 +0800
Message-ID: <CAHgZEq72ACGdjBQBqu_vtT7+-L3G=uLAGR8w9KV4mCMAdR6=0A@mail.gmail.com>
From: Alexandre GOUAILLARD <agouaillard@gmail.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
Content-Type: multipart/alternative; boundary="001a11c2b2ee1e4dd704fdec47b8"
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/9z7XRks_fl132TtEoCZgWvq-8lA
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Which hashes are valid for the fingerprint attribute?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jul 2014 15:06:35 -0000

Inaki,

I checked a little bit, following our previous exchange.

There was a thread back in november last year in discuss-webrtc (how to
specify desired hash function(s) (sha-1, sha-256, sha-512) for DTLS-SRTP?)

Justin said "Chrome supports various hash functions in the remote
description (SHA-1, 256, 512). Local description currently only
supports SHA-256,
no plans to change that (although we will probably support longer hashes in
the future for hash agility). Asymmetric hash functions should not be an
issue. If multiple fingerprints are specified in the remote description, I
think Chrome will only use the first one."

then in ORTC there was this thread in april:
"Issue 64: Section 2.5.1 Fingerprint attribute"
in which bernard proposed:
"
dictionary RTCDtlsParameters {
    RTCDtlsRole                  role = "auto";
    sequence<RTCDtlsFingerprint> fingerprint;
};
dictionary RTCDtlsFingerprint {
    RTCDtlsCertificateHashAlgorithm algorithm;
    ArrayBuffer                     value;
};
enum RTCDtlsCertificateHashAlgorithm {
    "sha-1",
    "sha-224",
    "sha-256",
    "sha-384",
    "sha-512"
};
"







On Fri, Jul 11, 2014 at 8:26 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> Hi,
>
> Hi, RFC 5763 and RFC 5764 (DTLS-SRTP) do not mandate a specific hash
> for the fingerprint attribute in the SDP. RFC 5763 refers to RFC 4572
> "Connection-Oriented Media Transport over TLS in SDP”. Its section 5
> clearly opens the door to multiple hash functions:
>
>    hash-func    =  "sha-1" / "sha-224" / "sha-256" /
>                          "sha-384" / "sha-512" /
>                          "md5" / "md2" / token
>                          ; Additional hash functions can only come
>                          ; from updates to RFC 3279
>
>
> I'm pretty sure that WebRTC implementations are not ready for all
> those hash functions. Is there any WebRTC related draft constraining
> the hash functions that can be used?
>
> Thanks a lot.
>
>
> PS: Not sure if this question should be placed here or in public-webrtc ML.
>
> --
> Iñaki Baz Castillo
> <ibc@aliax.net>
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>



-- 
Alex. Gouaillard, PhD, PhD, MBA
------------------------------------------------------------------------------------
CTO - Temasys Communications, S'pore / Mountain View
President - CoSMo Software, Cambridge, MA
------------------------------------------------------------------------------------
sg.linkedin.com/agouaillard

   -

v2.23.0 | Report a Bug | By Email