[Jingle] Jingle / e2e security (1)
Johansson Olle E
oej at edvina.net
Wed Feb 11 07:14:00 CST 2009
11 feb 2009 kl. 14.05 skrev Robert McQueen:
> Johansson Olle E wrote:
>> 11 feb 2009 kl. 13.37 skrev Dirk Meyer:
>>> I know. But this thread looked like "TLS is all bad and we should
>>> not
>>> use it at all". I just wanted to point out that ZRTP is not a
>>> solution
>>> for all e2e security problems we have.
>>
>> And I totally agree with you. ;-)
>
> And once we have E2E TLS, we can use it to signal a session key for
> use
> with SRTP. I don't see what ZRTP buys us at all, or that TLS + channel
> binding + SRTP is any worse than ZRTP in any meaningful way, and TLS
> is
> more useful for all of the other use cases. Further to this, ZRTP is
> (partly) patent-encumbered and far less widely implemented than TLS.
ZRTP will buy us licensing issues as you point out. I'd rather work on
fixing
the E2E TLS and then look into SRTP or other secure transports for
whatever
type of session we might want to set up.
/O
More information about the Jingle
mailing list