Re: [rtcweb] Identity assertion: impact by removal or adding of fingerprints?

Martin Thomson <martin.thomson@gmail.com> Wed, 15 August 2018 06:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/GpHWiywkqSc5PZxp8p72mW0HYiQ>

The assertion can change; it's the identity that results that can't
change (in WebRTC, and likely many other cases).

On Wed, Aug 15, 2018 at 4:25 PM Christer Holmberg
<christer.holmberg@ericsson.com> wrote:
>
>
> Hi,
>
> One possibility would be to say that an endpoint is not allowed to add a
> new fingerprint (that hasn't been used before within the session), if
> updating of the identity assertion is not supported.
>
> Is it possible to use the same fingerprint for multiple m- lines, even if
> they are not bundled?
>
> Regards,
>
> Christer
>
>
>
> On 13/08/18 10:23, "rtcweb on behalf of Christer Holmberg"
> <rtcweb-bounces@ietf.org on behalf of christer.holmberg@ericsson.com>
> wrote:
>
> >
> >Hi,
> >
> >>Unused fingerprints aren't a problem.  a=fingerprint offers multiple
> >>options, any of which could be used.  The a=identity attribute is no
> >>different.  If a fingerprint is authenticated, but not used, that's OK
> >>as long as the ones that are used are covered.
> >
> >That may require a little re-wording, because I think the text now says
> >that each fingerprint that was used to create the assertion must always be
> >included in offers and answers.
> >
> >>If a new fingerprint is added, that's OK, as long as the a=identity
> >>previously covered that value,
> >
> >That may not be true if one e.g., adds a new m- section with a fingerprint
> >that has not previously been used.
> >
> >>or is amended to include the new value.
> >
> >How does that work?
> >
> >Regards,
> >
> >Christer
> >
> >>On Mon, Aug 13, 2018 at 4:30 PM Christer Holmberg
> >><christer.holmberg@ericsson.com> wrote:
> >>>
> >>>
> >>> Hi,
> >>>
> >>> One thing that came to my mind when working on the SDP Identity
> >>>attribute pull request.
> >>>
> >>> In WebRTC, and in the draft, we assume that the identity assertion is
> >>>bound to the fingerprints.
> >>>
> >>> What if fingerprints are removed, or added, during a session. Will that
> >>>impact the identity assertion?
> >>>
> >>> A fingerprint can be removed if it is only used for one m- section, and
> >>>that m- section is disabled.
> >>>
> >>> Regards,
> >>>
> >>> Christer
> >>> _______________________________________________
> >>> rtcweb mailing list
> >>> rtcweb@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/rtcweb
>
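
The rule discussed in this thread (every fingerprint present in the SDP must be covered by the assertion, covered-but-unused fingerprints are fine, and the assertion may be amended while the resulting identity may not change), as an added JavaScript example that is not part of the original messages or of any WebRTC implementation. It assumes assertion validation has already produced an identity and a fingerprint list; `checkDescription`, `fingerprintsInSdp` and all sample values are hypothetical.

```javascript
// Added example; SDP fragments, digests and identities are constructed.
const fp = (byte) => Array(32).fill(byte).join(":"); // fake 32-byte digest
const FP_A = fp("AA"), FP_B = fp("BB"), FP_C = fp("CC");
const norm = (alg, digest) => `${alg.toLowerCase()} ${digest.toUpperCase()}`;

// List every a=fingerprint in the SDP with the section it appears in.
function fingerprintsInSdp(sdp) {
  const found = [];
  let section = "session", mIndex = -1;
  for (const line of sdp.split(/\r?\n/)) {
    if (line.startsWith("m=")) section = `m[${++mIndex}]`;
    const m = /^a=fingerprint:(\S+) (\S+)/.exec(line);
    if (m) found.push({ section, key: norm(m[1], m[2]) });
  }
  return found;
}

// verified = { identity, fingerprints: [{algorithm, digest}] }, assumed to be
// the output of assertion validation. pinnedIdentity is null on first use.
function checkDescription(sdp, verified, pinnedIdentity) {
  if (pinnedIdentity !== null && verified.identity !== pinnedIdentity)
    return { ok: false, reason: "identity-changed", uncovered: [] };
  const covered = new Set(verified.fingerprints.map((f) => norm(f.algorithm, f.digest)));
  const present = fingerprintsInSdp(sdp);
  const uncovered = present.filter((f) => !covered.has(f.key)).map((f) => f.section);
  if (present.length === 0) return { ok: false, reason: "no-fingerprint", uncovered };
  if (uncovered.length > 0) return { ok: false, reason: "uncovered-fingerprint", uncovered };
  return { ok: true, reason: "covered", uncovered };
}

const audio = `v=0\r\nm=audio 9 UDP/TLS/RTP/SAVPF 111\r\na=fingerprint:sha-256 ${FP_A}\r\n`;
const withVideo = audio + `m=video 9 UDP/TLS/RTP/SAVPF 96\r\na=fingerprint:SHA-256 ${FP_C}\r\n`;
const alice = "alice@idp.example";
const first = { identity: alice, fingerprints: [
  { algorithm: "sha-256", digest: FP_A }, { algorithm: "sha-256", digest: FP_B }] };
const amended = { identity: alice, fingerprints: [
  { algorithm: "sha-256", digest: FP_A }, { algorithm: "sha-256", digest: FP_C }] };

function demo() {
  return [
    checkDescription(audio, first, null).reason,         // FP_B covered but unused
    checkDescription(withVideo, first, alice).reason,    // new m= section, old assertion
    checkDescription(withVideo, amended, alice).reason,  // assertion amended to cover FP_C
    checkDescription(withVideo, { ...amended, identity: "other@idp.example" }, alice).reason,
  ];
}
console.log(demo());
```

The second case is the one raised in the thread: a new m- section carrying a fingerprint the existing assertion never covered is rejected until the assertion is amended, and the amended assertion is accepted only because it still resolves to the same identity.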