robert.mcqueen at collabora.co.uk
Wed Jul 23 19:23:38 CDT 2008
Johansson Olle E wrote:
> There is a huge difference between TLS in XMPP, which is hop to hop,
> and end-to-end security. I want to emphasize the peer2peer part of your
> here :-)
Yeah, XTLS is the current suggested way for a simpler implementation of
end to end security in XMPP. The idea is that you use Jingle to signal a
peer to peer XMPP connection (XEP-0247), and then establish TLS over
that connection with <starttls>. We discussed this a bit over dinner at
the XMPP summit, I think Peter will follow up with more of the ideas.
> I am not fully sure, but I think that there are modes of the MIKEY key
> used for SRTP key exchange in SIP/SDP that don't require E2E protection.
> They may rely on pre-shared keys though.
> Check RFC 4567 "Key Management Extensions for Session Description
> Protocol (SDP) and Real Time Streaming Protocol (RTSP)" and
> RFC 3830. Both are, well, not judged as easy-reading material. :-)
I'm happy to leave this to other people to wrangle with. Mostly we just
need to be able to put some node in our RTP description which encodes
the same information SDP does when SRTP is in use. I think Diana has the
definition of that.