Jingle encryption (was: Re: [Standards-JIG] jingle archives)

Joe Hildebrand hildjj at gmail.com
Sun Dec 18 05:30:41 UTC 2005


DTLS? (http://www.ietf.org/internet-drafts/draft-rescorla-dtls-05.txt)
SRTP? (RFC 3711)

This is something we should really ensure is interoperable with the  
SIP world.  Can someone from that camp comment on what the cool kids  
are doing?


On Dec 16, 2005, at 11:19 PM, Nolan Eakins wrote:

> Hal Rottenberg wrote:
>>> Sip Security or encryption:
>>> http://mail.jabber.org/pipermail/jingle/2005-December/000051.html
>>> 3) Encryption (at some point -- not being defined right now...)
>>> It bothers me that security is often considered later rather than  
>>> earlier, so
>>> I think we should at least have an idea where we are going here.
>> I want to point out that my company, and I'm sure others are the  
>> same,
>> has a policy that unencrypted VOIP cannot be used for business
>> purposes.  Just wanted to throw that out there.
>
> I woke up just now thinking about how encryption, signing, etc.  
> would fit into Jingle, and what about SOCKS5 since Jingle adds a  
> 2nd OBD method? Glad to see Justin already brought up those  
> concerns, but I didn't see them addressed.
>
> I can live with a 2nd OBD method, but having just one is simipler.  
> Justin brought up some good thoughts about layering which may solve  
> encryption with Jingle and file transfer.
>
> So how are we going to get Jingle encrypted? The RTP RFC lays it  
> off onto either the app or the transport layer. Secure RTP would  
> require more negotiation, and I'm failing to see how negotiating  
> encryption would fit into Jingle's flow.
>
> - Nolan
>
> -- 
> SemanticGap: To act as one (TM) -- http://www.semanticgap.com/
> Instant awareness & messaging * Online presence design
> Cross platform and agile development




More information about the Standards mailing list