[Standards] e2e encryption and jingle

Ian Paterson ian.paterson at clientside.co.uk
Mon Sep 3 18:04:30 UTC 2007


Niklas Höglund wrote:
> I'd like all my communication to be encrypted end-to-end, so I like
> the development going on in the jabber community on that side. Voice
> calls are also very useful, but from a quick look at the jabber XEPs I
> can't see how these two features should interoperate.
>
> How should this work?
>   

The clients should negotiate an Encrypted Session first. Then the client 
should negotiate the Jingle Session. That protects the potentially 
sensitive information (e.g. IP addresses) that is exchanged during the 
Jingle negotiation. A note about this might usefully be added to the 
"5.1 Resource Determination" and/or "Security Considerations" sections 
of XEP-0166.

Note that this separation of layers enables the protocols to be used 
independently; however, the fact that the two negotiations are carried 
out simultaneously creates latency in the establishment of a call 
(something that AFAICT is an issue in the "Real World").

Perhaps a couple of round trips could be saved by *optionally* including 
the first <jingle/> negotiation elements in the <message/> stanzas used 
for the Encrypted Session negotiation (instead of in subsequent <iq/> 
stanzas)?

- Ian



