Jingle encryption (was: Re: [Standards-JIG] jingle archives)

Nolan Eakins sneakin at semanticgap.com
Sat Dec 17 06:19:24 UTC 2005


Hal Rottenberg wrote:
>>Sip Security or encryption:
>>http://mail.jabber.org/pipermail/jingle/2005-December/000051.html
> 
>> 3) Encryption (at some point -- not being defined right now...)
> 
>>It bothers me that security is often considered later rather than earlier, so
>>I think we should at least have an idea where we are going here.
> 
> I want to point out that my company, and I'm sure others are the same,
> has a policy that unencrypted VOIP cannot be used for business
> purposes.  Just wanted to throw that out there.

I woke up just now thinking about how encryption, signing, etc. would 
fit into Jingle, and what about SOCKS5 since Jingle adds a 2nd OBD 
method? Glad to see Justin already brought up those concerns, but I 
didn't see them addressed.

I can live with a 2nd OBD method, but having just one is simipler. 
Justin brought up some good thoughts about layering which may solve 
encryption with Jingle and file transfer.

So how are we going to get Jingle encrypted? The RTP RFC lays it off 
onto either the app or the transport layer. Secure RTP would require 
more negotiation, and I'm failing to see how negotiating encryption 
would fit into Jingle's flow.

- Nolan

-- 
SemanticGap: To act as one (TM) -- http://www.semanticgap.com/
Instant awareness & messaging * Online presence design
Cross platform and agile development



More information about the Standards mailing list