Re: [rtcweb] Identity assertion: impact by removal or adding of fingerprints?

Martin Thomson <martin.thomson@gmail.com> Wed, 15 August 2018 07:19 UTC

References: <D79701DE.34018%christer.holmberg@ericsson.com> <CABkgnnXqgSLdGCFj914rMhpzW69knObdrwQ__=uMoPxOx35cqg@mail.gmail.com> <D7970CF2.34082%christer.holmberg@ericsson.com> <D799A325.34645%christer.holmberg@ericsson.com> <CABkgnnWmb6LCYs6_OftVx0cUbMykTuPrfDhbQSReTw5U0NqDPg@mail.gmail.com> <D799ADC2.3472C%christer.holmberg@ericsson.com>
In-Reply-To: <D799ADC2.3472C%christer.holmberg@ericsson.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 15 Aug 2018 17:19:34 +1000
Message-ID: <CABkgnnVVtunVvdwrWsowM2ymdVyO2YnNkiugd9LXNz0n_SHk7Q@mail.gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Cc: RTCWeb IETF <rtcweb@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/JOriw51wjA-XIxsGpQFTHYS5jX8>
Subject: Re: [rtcweb] Identity assertion: impact by removal or adding of fingerprints?

On Wed, Aug 15, 2018 at 5:10 PM Christer Holmberg
<christer.holmberg@ericsson.com> wrote:
> >The assertion can change, it's the identity that results that can't
> >change (in WebRTC, and likely many other cases).
>
> Ok. My understanding was that in WebRTC the PC cannot communicate with the
> IdP in order to create a new assertion (e.g., when a new fingerprint has
> been added), even with the same identity, but I’m glad if I was wrong :)

In Firefox, I don't think that you can change or add fingerprints, so
the question is a little hard to answer so simply.  However, the IdP
is consulted every time a session description (offer or answer) is
created.