[Standards] JingleFT XEP encryption conflicts

Peter Saint-Andre stpeter at stpeter.im
Tue Jan 3 22:40:58 UTC 2017


On 1/3/17 2:55 PM, Travis Burtrum wrote:
> Hello all,
>
> I noticed https://xmpp.org/extensions/xep-0234.html#security says:
>
> In order to secure the data stream, implementations SHOULD use
> encryption methods appropriate to the transport method being used. For
> example, end-to-end encryption can be negotiated over either SOCKS5
> Bytestreams or In-Band Bytestreams as described in XEP-0260 and XEP-0261.
>
> Yet 260/261 both say:
>
> https://xmpp.org/extensions/xep-0260.html#security-media
>
> This specification, like XEP-0065 before it, does not directly support
> end-to-end encryption of the media sent over the transport.
>
> https://xmpp.org/extensions/xep-0261.html#security-media
>
> This specification, like XEP-0047 before it, does not directly support
> end-to-end encryption of the media sent over the transport.
>
> So I at least am very confused, can anyone help? :)

Lance might have other opinions, but I read XEP-0234 as saying "this 
isn't the place to look for transport-layer encryption, if it's defined 
anywhere it would be in XEPs 260 and 261", whereas the latter specs are 
saying "um, our authors haven't defined that yet but maybe we need to be 
updated with some proper security methods, eh?"

;-)

Peter




More information about the Standards mailing list