[Council] zrtp-hash in XEP-0262

Kevin Smith kevin at kismith.co.uk
Wed Apr 18 14:41:55 UTC 2012


On Wed, Apr 18, 2012 at 3:37 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Last week I received a note from Phil Zimmermann about ZRTP. He
> pointed out that a separate zrtp-hash attribute must be included in
> the signaling for each separate media stream (e.g., if both audio and
> video are both included in the session, there must be two zrtp-hash
> attributes, one for each media stream, each of which carries a
> separate Hello message). Therefore I propose adding the following
> sentence to the end of Section 1 of XEP-0262:
>
>   Note that to ensure proper security, a separate zrtp-hash is needed
>   for each media stream (e.g., if a session includes both audio and
>   video then the values of the <zrtp-hash/> element included in each
>   <description/> element MUST be different).
>
> If the Council thinks that this change requires wider review, I'll be
> happy to send a message to the standards@ and jingle@ lists.

Seems (a) reasonable (change) to me.

/K


More information about the Council mailing list