[Security] XEP-0166, XEP-0167, XTLS - crypto and other stories.
dave at cridland.net
Thu Dec 18 14:49:50 CST 2008
I've been trying to follow, and catch up on, a couple of threads
recently both on standards@ and jingle@, which appear to both be
concerned with the interaction of Jingle and cryptography (both
encryption, authentication, and others).
It seems to me from a thread on jingle@ that XEP-0167 (That's Jingle
RTP) is moving toward specifying crypto in the terms used by SDP,
which seems appropriate at first glance, however what concerns me is
that there's a different thread over on standards@ which relates to a
more generic crypto-Jingle confluence, moving what's now XEP-0250 to
be available within the Jingle (XEP-0166) negotiation, and neither
thread appears to have appeared on security@, which is our list for
discussing security issues.
I'd like to encourage some kind of cross-talk here, since it looks to
me like Dirk Meyer and I are thinking that having "generic security"
in Jingle (based primarily around TLS on reliable streams) might be
useful, whereas the VOIP crowd hanging out on jingle@ are focused on
I think this cross-talk ought to happen on security@, since we've
various people there who know much more than I do about TLS, DTLS,
and SRTP, and the relationship between them, but aren't on either
jingle@ or standards@ (as far as I know).
I'd like to get this at least started ASAP, so we don't end up with
diverging Jingle security layers.
So, join security@ if you're interested, and I'd like to ask Dirk
Meyer to summarize what's been discussed about Jingle file transfer
and Jingle xmlstream security, and if someone else could volunteer to
summarize the SRTP discussion that happened on jingle@, that's be
Or tell me they're not related, and explain why not (with diagrams
and pretty pictures). ;-)
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Security