[Security] XEP-0166, XEP-0167, XTLS - crypto and other stories.

Dave Cridland dave at cridland.net
Thu Dec 18 14:49:50 CST 2008


I've been trying to follow, and catch up on, a couple of threads  
recently both on standards@ and jingle@, which appear to both be  
concerned with the interaction of Jingle and cryptography (both  
encryption, authentication, and others).

It seems to me from a thread on jingle@ that XEP-0167 (That's Jingle  
RTP) is moving toward specifying crypto in the terms used by SDP,  
which seems appropriate at first glance, however what concerns me is  
that there's a different thread over on standards@ which relates to a  
more generic crypto-Jingle confluence, moving what's now XEP-0250 to  
be available within the Jingle (XEP-0166) negotiation, and neither  
thread appears to have appeared on security@, which is our list for  
discussing security issues.

I'd like to encourage some kind of cross-talk here, since it looks to  
me like Dirk Meyer and I are thinking that having "generic security"  
in Jingle (based primarily around TLS on reliable streams) might be  
useful, whereas the VOIP crowd hanging out on jingle@ are focused on  

I think this cross-talk ought to happen on security@, since we've  
various people there who know much more than I do about TLS, DTLS,  
and SRTP, and the relationship between them, but aren't on either  
jingle@ or standards@ (as far as I know).

I'd like to get this at least started ASAP, so we don't end up with  
diverging Jingle security layers.

So, join security@ if you're interested, and I'd like to ask Dirk  
Meyer to summarize what's been discussed about Jingle file transfer  
and Jingle xmlstream security, and if someone else could volunteer to  
summarize the SRTP discussion that happened on jingle@, that's be  

Or tell me they're not related, and explain why not (with diagrams  
and pretty pictures). ;-)

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

More information about the Security mailing list