Re: [rtcweb] Which hashes are valid for the fingerprint attribute?
Justin Uberti <juberti@google.com> Fri, 11 July 2014 15:58 UTC
Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A46181B2B41 for <rtcweb@ietfa.amsl.com>; Fri, 11 Jul 2014 08:58:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.029
X-Spam-Level:
X-Spam-Status: No, score=-2.029 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YA-Vl6DE1gIm for <rtcweb@ietfa.amsl.com>; Fri, 11 Jul 2014 08:58:24 -0700 (PDT)
Received: from mail-vc0-x236.google.com (mail-vc0-x236.google.com [IPv6:2607:f8b0:400c:c03::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A61541A0AA7 for <rtcweb@ietf.org>; Fri, 11 Jul 2014 08:58:24 -0700 (PDT)
Received: by mail-vc0-f182.google.com with SMTP id hq11so2489307vcb.27 for <rtcweb@ietf.org>; Fri, 11 Jul 2014 08:58:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=cTqChEy9ty1yv7t8iKgcSSKbuBoRk9eUQ60MgV9LN5k=; b=TyK4Eimm9V3DyoWNcRLAl1oFb5QYjVCxpc0Jf8oKgH82uEGmIaWUgNwdmGJGO7no2l kpg0BfwqbNM2SK9Sv1JXT1kpa/p10XaL00E7TxoSJEm1aUYc5IXzPceZvAesFdEpp618 AZ51K0wq5j8ZJHREaaEXqeGpeWHX20chGOW8S6CYTC9OVOC34Yw+H9Gul2C5Oj+BAqq6 M46kUBZk+mMKsL6BlXhSpIbSeCRzjU6Bcskz7qfubQUKY8YFD7XtgFYmlmwg9+bXYhjf r6dfGNw0T9Jvrqg+3f60FYPleneMPF6AzHTnR/oXrO+jpq+DkxEUu3zwGkwHzrA+m4kU 9Wxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=cTqChEy9ty1yv7t8iKgcSSKbuBoRk9eUQ60MgV9LN5k=; b=C8bs818xAKGzx47YVrFoTVMPmwn7lbxj2U/0zxyeqxBoC9WTkK+imBk3wB39JOkfOl uEmd+E9QLSkooeSN3rtXIX5WALJeBy32vmo4qvkZreydTEgFvvOuzhWa8q2N2R8DhaRl iCv1BJ+XzYtMrcKUHp5eYlbRBMgu21EYakqM6uJSpPw1+C2u6K0Gep0nt2MGvatXSl40 AbaX67Vfui7x1AyRCLfra2OQyNrjo0sBVZgAK6C7+maKYAKJl70mmLEMoGDD77eRqq70 XrNkyC1IaM7ZzhV38bo1iPkrWVaaNKi8dXFzE8zC2KVVTWxQ7Nh/K7XHyiD0uLzK9o81 yhTQ==
X-Gm-Message-State: ALoCoQmR6XASgSvLBdsXQNeFAK4MjOMI1h7otaq4NqyYtazPhCNc5FYJTdqOWHAndBDe+8T1QCAw
X-Received: by 10.58.228.74 with SMTP id sg10mr51487583vec.6.1405094303729; Fri, 11 Jul 2014 08:58:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.27.8 with HTTP; Fri, 11 Jul 2014 08:58:02 -0700 (PDT)
In-Reply-To: <CAHgZEq72ACGdjBQBqu_vtT7+-L3G=uLAGR8w9KV4mCMAdR6=0A@mail.gmail.com>
References: <CALiegfmwrik8TMb2J=33WzR1mc+X1usq2vVBZW=u-PbX17sdaw@mail.gmail.com> <CAHgZEq72ACGdjBQBqu_vtT7+-L3G=uLAGR8w9KV4mCMAdR6=0A@mail.gmail.com>
From: Justin Uberti <juberti@google.com>
Date: Fri, 11 Jul 2014 08:58:02 -0700
Message-ID: <CAOJ7v-1EJhcS-faMt7dB+J4Xioz64Cu6CZMEPrDr8Hk_Giss_A@mail.gmail.com>
To: Alexandre GOUAILLARD <agouaillard@gmail.com>
Content-Type: multipart/alternative; boundary="047d7bd6a91cd9b3f104fded02ec"
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/pPpQJHB1KIHp2O9unm8IvNXhAZo
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Which hashes are valid for the fingerprint attribute?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jul 2014 15:58:27 -0000
The recommended algorithms to support probably needs to appear in the security document; JSEP should also mention or point to the recommended algorithms to use when generating the digest. On Fri, Jul 11, 2014 at 8:05 AM, Alexandre GOUAILLARD <agouaillard@gmail.com > wrote: > Inaki, > > I checked a little bit, following our previous exchange. > > There was a thread back in november last year in discuss-webrtc (how to > specify desired hash function(s) (sha-1, sha-256, sha-512) for DTLS-SRTP?) > > Justin said "Chrome supports various hash functions in the remote > description (SHA-1, 256, 512). Local description currently only supports > SHA-256, no plans to change that (although we will probably support > longer hashes in the future for hash agility). Asymmetric hash functions > should not be an issue. If multiple fingerprints are specified in the > remote description, I think Chrome will only use the first one." > > then in ORTC there was this thread in april: > "Issue 64: Section 2.5.1 Fingerprint attribute" > in which bernard proposed: > " > dictionary RTCDtlsParameters { > RTCDtlsRole role = "auto"; > sequence<RTCDtlsFingerprint> fingerprint; > }; > dictionary RTCDtlsFingerprint { > RTCDtlsCertificateHashAlgorithm algorithm; > ArrayBuffer value; > }; > enum RTCDtlsCertificateHashAlgorithm { > "sha-1", > "sha-224", > "sha-256", > "sha-384", > "sha-512" > }; > " > > > > > > > > On Fri, Jul 11, 2014 at 8:26 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote: > >> Hi, >> >> Hi, RFC 5763 and RFC 5764 (DTLS-SRTP) do not mandate a specific hash >> for the fingerprint attribute in the SDP. RFC 5763 refers to RFC 4572 >> "Connection-Oriented Media Transport over TLS in SDP”. Its section 5 >> clearly opens the door to multiple hash functions: >> >> hash-func = "sha-1" / "sha-224" / "sha-256" / >> "sha-384" / "sha-512" / >> "md5" / "md2" / token >> ; Additional hash functions can only come >> ; from updates to RFC 3279 >> >> >> I'm pretty sure that WebRTC implementations are not ready for all >> those hash functions. Is there any WebRTC related draft constraining >> the hash functions that can be used? >> >> Thanks a lot. >> >> >> PS: Not sure if this question should be placed here or in public-webrtc >> ML. >> >> -- >> Iñaki Baz Castillo >> <ibc@aliax.net> >> >> _______________________________________________ >> rtcweb mailing list >> rtcweb@ietf.org >> https://www.ietf.org/mailman/listinfo/rtcweb >> > > > > -- > Alex. Gouaillard, PhD, PhD, MBA > > ------------------------------------------------------------------------------------ > CTO - Temasys Communications, S'pore / Mountain View > President - CoSMo Software, Cambridge, MA > > ------------------------------------------------------------------------------------ > sg.linkedin.com/agouaillard > > - > > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb > >
- [rtcweb] Which hashes are valid for the fingerpri… Iñaki Baz Castillo
- Re: [rtcweb] Which hashes are valid for the finge… Alexandre GOUAILLARD
- Re: [rtcweb] Which hashes are valid for the finge… Justin Uberti
- Re: [rtcweb] Which hashes are valid for the finge… Iñaki Baz Castillo
- Re: [rtcweb] Which hashes are valid for the finge… Martin Thomson
- Re: [rtcweb] Which hashes are valid for the finge… Martin Thomson