[Council] zrtp-hash in XEP-0262

Peter Saint-Andre stpeter at stpeter.im
Wed Apr 18 14:46:00 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 4/18/12 8:41 AM, Kevin Smith wrote:
> On Wed, Apr 18, 2012 at 3:37 PM, Peter Saint-Andre
> <stpeter at stpeter.im> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> Last week I received a note from Phil Zimmermann about ZRTP. He 
>> pointed out that a separate zrtp-hash attribute must be included
>> in the signaling for each separate media stream (e.g., if both
>> audio and video are both included in the session, there must be
>> two zrtp-hash attributes, one for each media stream, each of
>> which carries a separate Hello message). Therefore I propose
>> adding the following sentence to the end of Section 1 of
>> XEP-0262:
>> 
>> Note that to ensure proper security, a separate zrtp-hash is
>> needed for each media stream (e.g., if a session includes both
>> audio and video then the values of the <zrtp-hash/> element
>> included in each <description/> element MUST be different).
>> 
>> If the Council thinks that this change requires wider review,
>> I'll be happy to send a message to the standards@ and jingle@
>> lists.
> 
> Seems (a) reasonable (change) to me.

Right, it really was implicit before (because the <zrtp-hash/> element
is a child of the <description/> element), but I think Phil is right
that it's best to make this explicit.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+O06gACgkQNL8k5A2w/vwYIwCfT1pbGhEe22ZpQYvU9uTchZ5R
hYQAoPvvTe5mVmXsmPQFI6CAIaQWT/dL
=cqDM
-----END PGP SIGNATURE-----


More information about the Council mailing list