Re: [rtcweb] Identity assertion: impact by removal or adding of fingerprints?
Martin Thomson <martin.thomson@gmail.com> Wed, 15 August 2018 06:50 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 958F3130ECF for <rtcweb@ietfa.amsl.com>; Tue, 14 Aug 2018 23:50:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CFelppCwwIGI for <rtcweb@ietfa.amsl.com>; Tue, 14 Aug 2018 23:50:28 -0700 (PDT)
Received: from mail-oi0-x234.google.com (mail-oi0-x234.google.com [IPv6:2607:f8b0:4003:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69FDA130EB2 for <rtcweb@ietf.org>; Tue, 14 Aug 2018 23:50:28 -0700 (PDT)
Received: by mail-oi0-x234.google.com with SMTP id n21-v6so449297oig.3 for <rtcweb@ietf.org>; Tue, 14 Aug 2018 23:50:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=pebkvXryX1Mwe7VPH4qscF6MuXhYsycPfISmhW8lOI0=; b=JBahQ4gN0BU20ayMFAyidqk2p6HCMTUr2Mc09s3mgEKBggy5d2XcPaswvop8FuLQyC NgVEBYJLQhmk6ErrOxZ9RC4FEar3I5iK5mRWbH08FMYR88k7YHZ6zcTY9tEQtqhW6/0a TTAxIQmh+QFYhDWFusp3Wn1GPabj1D9s9VBpPAfghjfT42M2AwA3R6UxoS7MrqzjRgu6 P/VK42LJLIrzVerFgKjl0g3tacGPJmzNVk22BEwixa//kISc+iT11GZOY4AzonzbHU7f FywWJy86C0zROIW1wtvo4WZzOTvFvwYynwFyzPzGvq63Qf0RiOfpZBBLmboyoqBph9q7 Px3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=pebkvXryX1Mwe7VPH4qscF6MuXhYsycPfISmhW8lOI0=; b=dX94JhbAYijKpNmdtajWlAW1i8LHPez+7OpXmjMZPXlbT4lX7pDRs/gbFQyVSnSEkY DgCSNcQowDpSaKi6AHogM/DYguRgl/k1Nt+rBMdsnJOQd3UYY4Hk8f8QnZ2fhaDKlZvQ /UKDxB8B5G6nwnyKdIs5aWOFa4nf94OZlXdl6iG64X8z6Amhfhlv+5wKTEfM7kw0X1Jf 2FxW+A3BeFL9ixUtisJgt9QBLQmcTOtrbiNxMND/ZT7/1oqqj0CLtB+D66yhE/Mykn5Z JmcFMhQncqPD1Nhq8i3zg0Sb8Vb5moSiLGgZRP2BOwW/ARx6Owmy9J53Ikl9GW1lIZLB qKrg==
X-Gm-Message-State: AOUpUlHaAFJ1RvTFM9U0Av5ehn+b9429WnGMhEH0yJV7hZylK9RQ0w9s Wxsd3axDLpt8DXydNWyBCux924f7FOkAQaguf4Y=
X-Google-Smtp-Source: AA+uWPxHoGSsPFKn3JHKAZLeLf7fsUWBE4V2VFs9bMUtx/19l6kIApOfeMNgGct0U6pBWBI3EnYzGQTcWBqc1GmMpm4=
X-Received: by 2002:aca:100f:: with SMTP id 15-v6mr27009385oiq.110.1534315827642; Tue, 14 Aug 2018 23:50:27 -0700 (PDT)
MIME-Version: 1.0
References: <D79701DE.34018%christer.holmberg@ericsson.com> <CABkgnnXqgSLdGCFj914rMhpzW69knObdrwQ__=uMoPxOx35cqg@mail.gmail.com> <D7970CF2.34082%christer.holmberg@ericsson.com> <D799A325.34645%christer.holmberg@ericsson.com>
In-Reply-To: <D799A325.34645%christer.holmberg@ericsson.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 15 Aug 2018 16:50:16 +1000
Message-ID: <CABkgnnWmb6LCYs6_OftVx0cUbMykTuPrfDhbQSReTw5U0NqDPg@mail.gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Cc: RTCWeb IETF <rtcweb@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/GpHWiywkqSc5PZxp8p72mW0HYiQ>
Subject: Re: [rtcweb] Identity assertion: impact by removal or adding of fingerprints?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Aug 2018 06:50:31 -0000
The assertion can change, it's the identity that results that can't change (in WebRTC, and likely many other cases). On Wed, Aug 15, 2018 at 4:25 PM Christer Holmberg <christer.holmberg@ericsson.com> wrote: > > > Hi, > > One possibility would be to say that an endpoint is not allowed to add a > new fingerprint (that hasn¹t been used before within the session), if > updating of the identity assertion is not supported. > > Is it possible to use the same fingerprint for multiple m- lines, even if > they are not bundled? > > Regards, > > Christer > > > > On 13/08/18 10:23, "rtcweb on behalf of Christer Holmberg" > <rtcweb-bounces@ietf.org on behalf of christer.holmberg@ericsson.com> > wrote: > > > > >Hi, > > > >>Unused fingerprints aren't a problem. a=fingerprint offers multiple > >>options, any of which could be used. The a=identity attribute is no > >>different. If a fingerprint is authenticated, but not used, that's OK > >>as long as the ones that are used are covered. > > > >That may require a little re-wording, because I think the text now says > >that each fingerprint that was used to create the assertion must always be > >included in offers and answers. > > > >>If a new fingerprint is added, that's OK, as long as the a=identity > >>previously covered that value, > > > >That may not be true if one e.g., adds a new m- section with a fingerprint > >that has not previously been used. > > > >>or is amended to include the new value. > > > >How does that work? > > > >Regards, > > > >Christer > > > > > > > > > > > > > > > >>On Mon, Aug 13, 2018 at 4:30 PM Christer Holmberg > >><christer.holmberg@ericsson.com> wrote: > >>> > >>> > >>> Hi, > >>> > >>> One thing that came to my mind when working on the SDP Identity > >>>attribute pull request. > >>> > >>> In WebRTC, and in the draft, we assume that the identity assertion is > >>>bound to the fingerprints. > >>> > >>> What if fingerprints are removed, or added, during a session. Will that > >>>impact the identity assertion? > >>> > >>> A fingerprint can be removed if it is only used for one m- section, and > >>>that m- section is disabled. > >>> > >>> Regards, > >>> > >>> Christer > >>> _______________________________________________ > >>> rtcweb mailing list > >>> rtcweb@ietf.org > >>> https://www.ietf.org/mailman/listinfo/rtcweb > > > >_______________________________________________ > >rtcweb mailing list > >rtcweb@ietf.org > >https://www.ietf.org/mailman/listinfo/rtcweb >
- [rtcweb] Identity assertion: impact by removal or… Christer Holmberg
- Re: [rtcweb] Identity assertion: impact by remova… Martin Thomson
- Re: [rtcweb] Identity assertion: impact by remova… Christer Holmberg
- Re: [rtcweb] Identity assertion: impact by remova… Christer Holmberg
- Re: [rtcweb] Identity assertion: impact by remova… Martin Thomson
- Re: [rtcweb] Identity assertion: impact by remova… Christer Holmberg
- Re: [rtcweb] Identity assertion: impact by remova… Martin Thomson