Check crypto suites

[stefhak]

From https://lists.w3.org/Archives/Public/public-webrtc/2016Sep/0071.html

"WebRTC says The following values must be supported by a user agent: { name: "RSASSA-PKCS1-v1_5", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" }, and { name: "ECDSA", namedCurve: "P-256" }.

• does this match the other webrtc specs ?"

[stefhak]

@ekr can you comment?

[aboba]

@martinthomson @stefhak IETF specifications only cover the MTI ciphersuites:

draft-ietf-rtcweb-security-arch Section 5.5 says:

All implementations MUST implement DTLS 1.0, with the cipher suite
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA with the the P-256 curve
[FIPS186]. The DTLS-SRTP protection profile
SRTP_AES128_CM_HMAC_SHA1_80 MUST be supported for SRTP.
Implementations SHOULD implement DTLS 1.2 with the
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite.
Implementations MUST favor cipher suites which support PFS over non-
PFS cipher suites and SHOULD favor AEAD over non-AEAD cipher suites.

RFC 5246 Section 5.5 says:

In the absence of an application profile standard specifying
otherwise, a TLS-compliant application MUST implement the cipher
suite TLS_RSA_WITH_AES_128_CBC_SHA (see Appendix A.5 for the
definition).

[aboba]

@ekr @stefhak draft-ietf-rtcweb-security-arch doesn't currently specify the mandatory-to-implement certificate algorithms, only the MTI ciphersuites. So while there is no conflict, Issue #1315 asks whether specifying MTI certificate algorithms in the WEBRTC API is appropriate.

Email sent to IETF RTCWEB WG: https://mailarchive.ietf.org/arch/msg/rtcweb/-rM7NIEv99hLzLzb6yUXI8epRIs

[martinthomson]

@aboba, this issue is #1315. Note that while it could use clarification as to whether it applies to ECDH or ECDSA, this statement could imply ECDSA with P-256:

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA with the the P-256 curve