[Council] zrtp-hash in XEP-0262

Peter Saint-Andre stpeter at stpeter.im
Wed Apr 18 14:37:49 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Last week I received a note from Phil Zimmermann about ZRTP. He
pointed out that a separate zrtp-hash attribute must be included in
the signaling for each separate media stream (e.g., if both audio and
video are both included in the session, there must be two zrtp-hash
attributes, one for each media stream, each of which carries a
separate Hello message). Therefore I propose adding the following
sentence to the end of Section 1 of XEP-0262:

   Note that to ensure proper security, a separate zrtp-hash is needed
   for each media stream (e.g., if a session includes both audio and
   video then the values of the <zrtp-hash/> element included in each
   <description/> element MUST be different).

If the Council thinks that this change requires wider review, I'll be
happy to send a message to the standards@ and jingle@ lists.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+O0b0ACgkQNL8k5A2w/vw7rwCgy3qmfz3+y/ugWF8iHZ09mGa1
NiAAoMIcyZ9GNUDFUHO1blRBwJNtn6od
=148u
-----END PGP SIGNATURE-----


More information about the Council mailing list