[Council] zrtp-hash in XEP-0262
Peter Saint-Andre
stpeter at stpeter.im
Wed Apr 18 14:37:49 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Last week I received a note from Phil Zimmermann about ZRTP. He
pointed out that a separate zrtp-hash attribute must be included in
the signaling for each separate media stream (e.g., if both audio and
video are both included in the session, there must be two zrtp-hash
attributes, one for each media stream, each of which carries a
separate Hello message). Therefore I propose adding the following
sentence to the end of Section 1 of XEP-0262:
Note that to ensure proper security, a separate zrtp-hash is needed
for each media stream (e.g., if a session includes both audio and
video then the values of the <zrtp-hash/> element included in each
<description/> element MUST be different).
If the Council thinks that this change requires wider review, I'll be
happy to send a message to the standards@ and jingle@ lists.
Peter
- --
Peter Saint-Andre
https://stpeter.im/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+O0b0ACgkQNL8k5A2w/vw7rwCgy3qmfz3+y/ugWF8iHZ09mGa1
NiAAoMIcyZ9GNUDFUHO1blRBwJNtn6od
=148u
-----END PGP SIGNATURE-----
More information about the Council
mailing list