Re: [rtcweb] Which hashes are valid for the fingerprint attribute?

Justin Uberti <juberti@google.com> Fri, 11 July 2014 15:58 UTC

Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A46181B2B41 for <rtcweb@ietfa.amsl.com>; Fri, 11 Jul 2014 08:58:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.029
X-Spam-Level:
X-Spam-Status: No, score=-2.029 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YA-Vl6DE1gIm for <rtcweb@ietfa.amsl.com>; Fri, 11 Jul 2014 08:58:24 -0700 (PDT)
Received: from mail-vc0-x236.google.com (mail-vc0-x236.google.com [IPv6:2607:f8b0:400c:c03::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A61541A0AA7 for <rtcweb@ietf.org>; Fri, 11 Jul 2014 08:58:24 -0700 (PDT)
Received: by mail-vc0-f182.google.com with SMTP id hq11so2489307vcb.27 for <rtcweb@ietf.org>; Fri, 11 Jul 2014 08:58:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=cTqChEy9ty1yv7t8iKgcSSKbuBoRk9eUQ60MgV9LN5k=; b=TyK4Eimm9V3DyoWNcRLAl1oFb5QYjVCxpc0Jf8oKgH82uEGmIaWUgNwdmGJGO7no2l kpg0BfwqbNM2SK9Sv1JXT1kpa/p10XaL00E7TxoSJEm1aUYc5IXzPceZvAesFdEpp618 AZ51K0wq5j8ZJHREaaEXqeGpeWHX20chGOW8S6CYTC9OVOC34Yw+H9Gul2C5Oj+BAqq6 M46kUBZk+mMKsL6BlXhSpIbSeCRzjU6Bcskz7qfubQUKY8YFD7XtgFYmlmwg9+bXYhjf r6dfGNw0T9Jvrqg+3f60FYPleneMPF6AzHTnR/oXrO+jpq+DkxEUu3zwGkwHzrA+m4kU 9Wxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=cTqChEy9ty1yv7t8iKgcSSKbuBoRk9eUQ60MgV9LN5k=; b=C8bs818xAKGzx47YVrFoTVMPmwn7lbxj2U/0zxyeqxBoC9WTkK+imBk3wB39JOkfOl uEmd+E9QLSkooeSN3rtXIX5WALJeBy32vmo4qvkZreydTEgFvvOuzhWa8q2N2R8DhaRl iCv1BJ+XzYtMrcKUHp5eYlbRBMgu21EYakqM6uJSpPw1+C2u6K0Gep0nt2MGvatXSl40 AbaX67Vfui7x1AyRCLfra2OQyNrjo0sBVZgAK6C7+maKYAKJl70mmLEMoGDD77eRqq70 XrNkyC1IaM7ZzhV38bo1iPkrWVaaNKi8dXFzE8zC2KVVTWxQ7Nh/K7XHyiD0uLzK9o81 yhTQ==
X-Gm-Message-State: ALoCoQmR6XASgSvLBdsXQNeFAK4MjOMI1h7otaq4NqyYtazPhCNc5FYJTdqOWHAndBDe+8T1QCAw
X-Received: by 10.58.228.74 with SMTP id sg10mr51487583vec.6.1405094303729; Fri, 11 Jul 2014 08:58:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.27.8 with HTTP; Fri, 11 Jul 2014 08:58:02 -0700 (PDT)
In-Reply-To: <CAHgZEq72ACGdjBQBqu_vtT7+-L3G=uLAGR8w9KV4mCMAdR6=0A@mail.gmail.com>
References: <CALiegfmwrik8TMb2J=33WzR1mc+X1usq2vVBZW=u-PbX17sdaw@mail.gmail.com> <CAHgZEq72ACGdjBQBqu_vtT7+-L3G=uLAGR8w9KV4mCMAdR6=0A@mail.gmail.com>
From: Justin Uberti <juberti@google.com>
Date: Fri, 11 Jul 2014 08:58:02 -0700
Message-ID: <CAOJ7v-1EJhcS-faMt7dB+J4Xioz64Cu6CZMEPrDr8Hk_Giss_A@mail.gmail.com>
To: Alexandre GOUAILLARD <agouaillard@gmail.com>
Content-Type: multipart/alternative; boundary=047d7bd6a91cd9b3f104fded02ec
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/pPpQJHB1KIHp2O9unm8IvNXhAZo
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Which hashes are valid for the fingerprint attribute?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jul 2014 15:58:27 -0000

The recommended algorithms to support probably needs to appear in the
security document; JSEP should also mention or point to the recommended
algorithms to use when generating the digest.


On Fri, Jul 11, 2014 at 8:05 AM, Alexandre GOUAILLARD <agouaillard@gmail.com
> wrote:

> Inaki,
>
> I checked a little bit, following our previous exchange.
>
> There was a thread back in november last year in discuss-webrtc (how to
> specify desired hash function(s) (sha-1, sha-256, sha-512) for DTLS-SRTP?)
>
> Justin said "Chrome supports various hash functions in the remote
> description (SHA-1, 256, 512). Local description currently only supports
> SHA-256, no plans to change that (although we will probably support
> longer hashes in the future for hash agility). Asymmetric hash functions
> should not be an issue. If multiple fingerprints are specified in the
> remote description, I think Chrome will only use the first one."
>
> then in ORTC there was this thread in april:
> "Issue 64: Section 2.5.1 Fingerprint attribute"
> in which bernard proposed:
> "
> dictionary RTCDtlsParameters {
>     RTCDtlsRole                  role = "auto";
>     sequence<RTCDtlsFingerprint> fingerprint;
> };
> dictionary RTCDtlsFingerprint {
>     RTCDtlsCertificateHashAlgorithm algorithm;
>     ArrayBuffer                     value;
> };
> enum RTCDtlsCertificateHashAlgorithm {
>     "sha-1",
>     "sha-224",
>     "sha-256",
>     "sha-384",
>     "sha-512"
> };
> "
>
>
>
>
>
>
>
> On Fri, Jul 11, 2014 at 8:26 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote:
>
>> Hi,
>>
>> Hi, RFC 5763 and RFC 5764 (DTLS-SRTP) do not mandate a specific hash
>> for the fingerprint attribute in the SDP. RFC 5763 refers to RFC 4572
>> "Connection-Oriented Media Transport over TLS in SDP”. Its section 5
>> clearly opens the door to multiple hash functions:
>>
>>    hash-func    =  "sha-1" / "sha-224" / "sha-256" /
>>                          "sha-384" / "sha-512" /
>>                          "md5" / "md2" / token
>>                          ; Additional hash functions can only come
>>                          ; from updates to RFC 3279
>>
>>
>> I'm pretty sure that WebRTC implementations are not ready for all
>> those hash functions. Is there any WebRTC related draft constraining
>> the hash functions that can be used?
>>
>> Thanks a lot.
>>
>>
>> PS: Not sure if this question should be placed here or in public-webrtc
>> ML.
>>
>> --
>> Iñaki Baz Castillo
>> <ibc@aliax.net>
>>
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb
>>
>
>
>
> --
> Alex. Gouaillard, PhD, PhD, MBA
>
> ------------------------------------------------------------------------------------
>  CTO - Temasys Communications, S'pore / Mountain View
> President - CoSMo Software, Cambridge, MA
>
> ------------------------------------------------------------------------------------
> sg.linkedin.com/agouaillard
>
>    -
>
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>
>