Transport and Services Working Group P. Hancke Internet-Draft Updates: 8445, 8863 (if approved) R. Shpount Intended status: Informational 2 May 2026 Expires: 3 November 2026 An ICE Option for MESSAGE-INTEGRITY-SHA256 draft-hancke-ice-mi256-latest Abstract This document defines a new ICE option "mi256" that enables the use of MESSAGE-INTEGRITY-SHA256 for STUN short-term authentication in ICE. This is a usage specific negotiation method which lets ICE agents use the SHA-256 variant of the message-integrity attribute in favor of SHA-1. About This Document This note is to be removed before publishing as an RFC. The latest revision of this draft can be found at https://fippo.github.io/mimi/draft-tsvwg-hancke-ice-mi256.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-hancke-ice-mi256/. Discussion of this document takes place on the WG Working Group mailing list (mailto:tsvwg@ietf.org), which is archived at https://datatracker.ietf.org/wg/tsvwg/. Subscribe at https://www.ietf.org/mailman/listinfo/tsvwg/. Source for this draft and an issue tracker can be found at https://github.com/fippo/mimi. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 3 November 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Conventions and Definitions 2. Introduction 3. ICE Option 4. Peer-reflexive candidates 5. Security Considerations 6. IANA Considerations 6.1. ICE Option Registration 7. Normative References Authors' Addresses 1. Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2. Introduction Interactive Connectivity Establishment (ICE) [RFC8445] uses STUN [RFC8489] with short-term credentials for connectivity checks. However, ICE assumes a single MESSAGE-INTEGRITY algorithm (SHA-1) and does not provide a mechanism for hash agility. STUN defines a mechanism for hash agility and requires usages to define their own negotiation method as described in Section 16.3 of [RFC8489]. This document updates ICE by defining an ICE option "mi256" that signals support for MESSAGE-INTEGRITY-SHA256 and specifies how it is used for connectivity checks. 3. ICE Option This document defines a new ICE option "mi256" following the procedures in [RFC8839] which indiciates support for the comprehension-required MESSAGE-INTEGRITY-SHA256 STUN attribute. When the "mi256" ice-option is supported by both agents, all STUN transactions in the ICE session * MUST include the MESSAGE-INTEGRITY-SHA256 attribute and * MUST NOT include the MESSAGE-INTEGRITY attribute. Truncation is not permitted. 4. Peer-reflexive candidates STUN Binding requests using MESSAGE-INTEGRITY-SHA256 for authentication can arrive at the offerer before the SDP answer containing the ice-options attribute. If the request verifies correctly using the expected ICE short term credential, the agent infers that the peer supports the "mi256" ICE option semantics for the current ICE session. 5. Security Considerations This document improves the security of ICE by enabling the use of SHA-256 instead of SHA-1 for message integrity. 6. IANA Considerations This document requests that IANA make the following registrations: 6.1. ICE Option Registration IANA is requested to add the following value to the "Interactive Connectivity Establishment (ICE) Options" registry: ICE Option name: mi256 Description: The ICE option indicates that the ICE agent supports the MESSAGE-INTEGRITY-SHA256 STUN attribute. Reference: RFC XXXX 7. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8445] Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal", RFC 8445, DOI 10.17487/RFC8445, July 2018, . [RFC8489] Petit-Huguenin, M., Salgueiro, G., Rosenberg, J., Wing, D., Mahy, R., and P. Matthews, "Session Traversal Utilities for NAT (STUN)", RFC 8489, DOI 10.17487/RFC8489, February 2020, . [RFC8839] Petit-Huguenin, M., Nandakumar, S., Holmberg, C., Keränen, A., and R. Shpount, "Session Description Protocol (SDP) Offer/Answer Procedures for Interactive Connectivity Establishment (ICE)", RFC 8839, DOI 10.17487/RFC8839, January 2021, . Authors' Addresses Philipp Hancke Email: philipp.hancke@googlemail.com Roman Shpount Email: rshpount@gmail.com