These are very good questions. I'll do some thinking about possible answers.
Dave Cridland wrote: > Folks, > > I've been trying to follow, and catch up on, a couple of threads > recently both on standards@ and jingle@, which appear to both be > concerned with the interaction of Jingle and cryptography (both > encryption, authentication, and others). > > It seems to me from a thread on jingle@ that XEP-0167 (That's Jingle > RTP) is moving toward specifying crypto in the terms used by SDP, which > seems appropriate at first glance, however what concerns me is that > there's a different thread over on standards@ which relates to a more > generic crypto-Jingle confluence, moving what's now XEP-0250 to be > available within the Jingle (XEP-0166) negotiation, and neither thread > appears to have appeared on security@, which is our list for discussing > security issues. > > I'd like to encourage some kind of cross-talk here, since it looks to me > like Dirk Meyer and I are thinking that having "generic security" in > Jingle (based primarily around TLS on reliable streams) might be useful, > whereas the VOIP crowd hanging out on jingle@ are focused on [S]RTP. > > I think this cross-talk ought to happen on security@, since we've > various people there who know much more than I do about TLS, DTLS, and > SRTP, and the relationship between them, but aren't on either jingle@ or > standards@ (as far as I know). > > I'd like to get this at least started ASAP, so we don't end up with > diverging Jingle security layers. > > So, join security@ if you're interested, and I'd like to ask Dirk Meyer > to summarize what's been discussed about Jingle file transfer and Jingle > xmlstream security, and if someone else could volunteer to summarize the > SRTP discussion that happened on jingle@, that's be great. > > Or tell me they're not related, and explain why not (with diagrams and > pretty pictures). ;-) > > Dave.
