[Security] XEP-0166, XEP-0167, XTLS - crypto and other stories.

Justin Karneges justin at affinix.com
Fri Dec 19 21:50:09 CST 2008


On Friday 19 December 2008 11:47:15 Dirk Meyer wrote:
> Justin Karneges wrote:
> > I think you can use a crypto layer in any application unless the
> > application says otherwise (e.g. if the application has its own mechanism
> > instead).
>
> Sorry, my fault. I mean you can not use _every_ crypto layer in any
> application, just like you can not use every transport. E.g. file
> transfer and SRTP is not possible, similar to file transfer and ICE-UDP.

My suggestion is that SRTP shouldn't count as a "Jingle crypto layer".  SRTP 
would be an application detail of Jingle RTP.  There would only be two Jingle 
crypto layers: TLS and DTLS.

This keeps the definition of a Jingle crypto layer simple: it's one that is 
compatible with the underlying transport, and that works for any application 
compatible with that transport.  In other words, the usage of the crypto 
layer does not modify the properties of the transport.

If we consider SRTP to be a "Jingle crypto layer" then we have to make our 
definition more complex by defining compatible application types or 
introducing new transport types.  For example: ICE-UDP produces an unreliable 
transport, Jingle SRTP consumes a reliable or unreliable transport and 
produces an RTP transport, Jingle RTP consumes a reliable, unreliable, or RTP 
transport.  Mess. :)

My proposal does the least rocking of the boat.

-Justin

