[Council] zrtp-hash in XEP-0262
Kevin Smith
kevin at kismith.co.uk
Wed Apr 18 14:41:55 UTC 2012
On Wed, Apr 18, 2012 at 3:37 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Last week I received a note from Phil Zimmermann about ZRTP. He
> pointed out that a separate zrtp-hash attribute must be included in
> the signaling for each separate media stream (e.g., if both audio and
> video are both included in the session, there must be two zrtp-hash
> attributes, one for each media stream, each of which carries a
> separate Hello message). Therefore I propose adding the following
> sentence to the end of Section 1 of XEP-0262:
>
> Note that to ensure proper security, a separate zrtp-hash is needed
> for each media stream (e.g., if a session includes both audio and
> video then the values of the <zrtp-hash/> element included in each
> <description/> element MUST be different).
>
> If the Council thinks that this change requires wider review, I'll be
> happy to send a message to the standards@ and jingle@ lists.
Seems (a) reasonable (change) to me.
/K
More information about the Council
mailing list