IETF Logo Mail Archive

Re: [rtcweb] Identity assertion: impact by removal or adding of fingerprints?

Christer Holmberg <christer.holmberg@ericsson.com> Wed, 15 August 2018 06:25 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 687B2130E7E for <rtcweb@ietfa.amsl.com>; Tue, 14 Aug 2018 23:25:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level:
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmMjbIFsFu5a for <rtcweb@ietfa.amsl.com>; Tue, 14 Aug 2018 23:25:05 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC441130DDB for <rtcweb@ietf.org>; Tue, 14 Aug 2018 23:25:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1534314302; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=4jxk0DeAFEexhWe36omlkDuxjfuM3lThj9L53tKzslA=; b=YY2RAV32uVECVTptQ+RaeEeiQXL3LOQsBn+3jKqcX58D72Njq83DrLew13WtgjpM xYfqeWsTvtxArmV3bn25U3wWN+BWo/j4bo0r6VW2y+6Ar4W5+Q9M8mMkU2EEvXtY 0Ron26dSemfQ+s5zkGjcfMovQ1I4j1ZB81kyemzQVWc=;
X-AuditID: c1b4fb25-b1dff70000006cb9-a6-5b73c73ebcd6
Received: from ESESBMB502.ericsson.se (Unknown_Domain [153.88.183.115]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id B3.1D.27833.E37C37B5; Wed, 15 Aug 2018 08:25:02 +0200 (CEST)
Received: from ESESBMB503.ericsson.se (153.88.183.170) by ESESBMB502.ericsson.se (153.88.183.169) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Wed, 15 Aug 2018 08:25:02 +0200
Received: from ESESBMB503.ericsson.se ([153.88.183.186]) by ESESBMB503.ericsson.se ([153.88.183.186]) with mapi id 15.01.1466.003; Wed, 15 Aug 2018 08:25:02 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>, Martin Thomson <martin.thomson@gmail.com>
CC: RTCWeb IETF <rtcweb@ietf.org>
Thread-Topic: [rtcweb] Identity assertion: impact by removal or adding of fingerprints?
Thread-Index: AQHUMs8M0o/pIRhEEUmmaI1RsjVoi6S9GHaAgABB7ACAAxRWAA==
Date: Wed, 15 Aug 2018 06:25:02 +0000
Message-ID: <D799A325.34645%christer.holmberg@ericsson.com>
References: <D79701DE.34018%christer.holmberg@ericsson.com> <CABkgnnXqgSLdGCFj914rMhpzW69knObdrwQ__=uMoPxOx35cqg@mail.gmail.com> <D7970CF2.34082%christer.holmberg@ericsson.com>
In-Reply-To: <D7970CF2.34082%christer.holmberg@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.7.7.170905
x-originating-ip: [153.88.183.157]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <9FB3DA7ABF6D384BB04852069F1595A7@ericsson.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrNIsWRmVeSWpSXmKPExsUyM2J7sa7d8eJog6279C2unfnHaLH2Xzu7 A5PHzll32T2WLPnJFMAUxWWTkpqTWZZapG+XwJWx++1S1oJuwYpj614yNjA+5e1i5OSQEDCR WHPgN3MXIxeHkMBRRokzXfuZIJxvQM6E06wgVUICyxgl+l+bdzFycLAJWEh0/9MGCYsIJEuc ebGQGcRmFlCU+LJ8PhuILSwQITHj5D8WiJpIifuzX7JB2E4S637cBbNZBFQl/nz/xgYyklfA WuLdtTyITVsYJV7O9AKxOQVsJFbvmgV2AaOAmMT3U2uYIFaJS9x6Mp8J4n4BiSV7zjND2KIS Lx//A6sXFdCT2HDiNjtEXEliS+8WqF49iRtTp7BB2NYSfc/PsUPY2hLLFr4Gm8MrIChxcuYT lgmMErOQrJuFpH0WkvZZSNpnIWlfwMi6ilG0OLU4KTfdyFgvtSgzubg4P08vL7VkEyMwCg9u +a26g/HyG8dDjAIcjEo8vPN2FUcLsSaWFVfmHmKU4GBWEuFdlg8U4k1JrKxKLcqPLyrNSS0+ xCjNwaIkzvvQfHOUkEB6YklqdmpqQWoRTJaJg1OqgdF34h/VbTM/eBZkFS1QO/X16JQfi3Sv dqrFer4LnuuamhhZlf3yedukFPbZR82fz/9y5PPz1kCP33NeVyQdKH7ql+gU/clPvaTvqIDP prMLWguusAsd2nJFSrnxdOiHI/Lnl33+Klm3LF3HftWLa+ahfM9+rPlqEO6gpjfrL9Mkwf2J aXyvOBqUWIozEg21mIuKEwG9axmAvgIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/c3rxNlu06LnQlV9T_7ORUmN3oAE>
Subject: Re: [rtcweb] Identity assertion: impact by removal or adding of fingerprints?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Aug 2018 06:25:06 -0000

Hi,

One possibility would be to say that an endpoint is not allowed to add a
new fingerprint (that hasn¹t been used before within the session), if
updating of the identity assertion is not supported.

Is it possible to use the same fingerprint for multiple m- lines, even if
they are not bundled?

Regards,

Christer



On 13/08/18 10:23, "rtcweb on behalf of Christer Holmberg"
<rtcweb-bounces@ietf.org on behalf of christer.holmberg@ericsson.com>
wrote:

>
>Hi,
>
>>Unused fingerprints aren't a problem.  a=fingerprint offers multiple
>>options, any of which could be used.  The a=identity attribute is no
>>different.  If a fingerprint is authenticated, but not used, that's OK
>>as long as the ones that are used are covered.
>
>That may require a little re-wording, because I think the text now says
>that each fingerprint that was used to create the assertion must always be
>included in offers and answers.
>
>>If a new fingerprint is added, that's OK, as long as the a=identity
>>previously covered that value,
>
>That may not be true if one e.g., adds a new m- section with a fingerprint
>that has not previously been used.
>
>>or is amended to include the new value.
>
>How does that work?
>
>Regards,
>
>Christer
>
>
>
>
>
>
>
>>On Mon, Aug 13, 2018 at 4:30 PM Christer Holmberg
>><christer.holmberg@ericsson.com> wrote:
>>>
>>>
>>> Hi,
>>>
>>> One thing that came to my mind when working on the SDP Identity
>>>attribute pull request.
>>>
>>> In WebRTC, and in the draft, we assume that the identity assertion is
>>>bound to the fingerprints.
>>>
>>> What if fingerprints are removed, or added, during a session. Will that
>>>impact the identity assertion?
>>>
>>> A fingerprint can be removed if it is only used for one m- section, and
>>>that m- section is disabled.
>>>
>>> Regards,
>>>
>>> Christer
>>> _______________________________________________
>>> rtcweb mailing list
>>> rtcweb@ietf.org
>>> https://www.ietf.org/mailman/listinfo/rtcweb
>
>_______________________________________________
>rtcweb mailing list
>rtcweb@ietf.org
>https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email