[Security] XEP-0166, XEP-0167, XTLS - crypto and other stories.

Dirk Meyer dmeyer at tzi.de
Fri Dec 19 13:47:15 CST 2008


Justin Karneges wrote:
> On Friday 19 December 2008 04:26:08 Dirk Meyer wrote:
>> Like you cannot combine any transport to any application (e.g. ICE-UDP
>> and file transfer does not work), you cannot use any crypto layer in
>> any application.
>
> I think you can use a crypto layer in any application unless the application 
> says otherwise (e.g. if the application has its own mechanism instead).  

Sorry, my fault. I mean you cannot use _every_ crypto layer in any
application, just like you cannot use every transport. E.g. file
transfer and SRTP is not possible, similar to file transfer and ICE-UDP.

> Thus, any reliable transport may have TLS and any unreliable transport
> may have DTLS.

Agreed.

> Jingle RTP would define the usage of SRTP (as part of the application, so 
> there'd be no crypto layer in the Jingle sense) and discourage a crypto 
> layer.  VPN would simply recommend a crypto layer.

But a crypto layer may be used to exchange the key.


Dirk

-- 
Hanson's Treatment of Time:
	There are never enough hours in a day, but always too many days
	before Saturday.

