As previously noted, "please send follow-ups to the [email protected] list."
Earl wrote:

> Peter,
>
> I have seen a company selling a hw firewall, targeted at corporations that want to read all SSL and TLS traffic. This firewall only performed the man in the middle listening and let the corporation see all SSL and TLS encrypted traffic in the clear. I have serious doubts that SSL or TLS can really provide any security. I mean this firewall was being sold by a very small Chinese company, so you can imagine what organized crime and governments can do.

I have no comment on that.

> I believe XMPP should use ZRTP and require that ZRTP SASL *must* be displayed so that it can be vocally read to the other party to determine if there is a man in the middle.
>
> I am very, VERY, *VERY* much in favor of utilizing ZRTP as E2E security for
> - XMPP secure voice calls
> - XMPP secure audio-video calls
> - XMPP secure file transfer
>
> Regards, Earl

I have no objection to any given implementation using ZRTP, and it would be good to provide a way to support the necessary signalling in Jingle. As far as I can see that would mean an equivalent for the a=zrtp-hash SDP attribute, described here:

http://tools.ietf.org/html/draft-zimmermann-avt-zrtp-12#section-8.1

Peter
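The check that a signalled hash makes possible, as an added example (not part of the original message and not taken from any XMPP or Jingle specification). It assumes the `a=zrtp-hash:<version> <hex>` syntax and a SHA-256 digest over the ZRTP Hello message, as published in RFC 6189; the function names are hypothetical and the Hello bytes are a constructed placeholder, not a real ZRTP packet.

```python
import hashlib
import hmac
import re

# Assumed syntax: a=zrtp-hash:<zrtp-version> <hex SHA-256 of the Hello message>
ZRTP_HASH_RE = re.compile(r"^a=zrtp-hash:(\S+) ([0-9A-Fa-f]+)$")


def parse_zrtp_hash(sdp):
    """Return (version, digest_bytes) from the first a=zrtp-hash line, or None."""
    for line in sdp.splitlines():
        m = ZRTP_HASH_RE.match(line.strip())
        if m:
            if len(m.group(2)) != 64:
                raise ValueError("zrtp-hash is not a 256-bit value")
            return m.group(1), bytes.fromhex(m.group(2))
    return None


def hello_matches_signalling(sdp, hello):
    """Compare the Hello seen on the media path with the hash sent in signalling.

    True  -> the Hello is the one the signalling peer committed to
    False -> the Hello was replaced or altered on the media path
    None  -> nothing was signalled; only the spoken SAS comparison remains
    """
    parsed = parse_zrtp_hash(sdp)
    if parsed is None:
        return None
    _, expected = parsed
    actual = hashlib.sha256(hello).digest()
    return hmac.compare_digest(actual, expected)  # constant-time comparison


# Constructed sample data: placeholder bytes standing in for a Hello message.
SAMPLE_HELLO = b"constructed-placeholder-zrtp-hello"
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "m=audio 49170 RTP/AVP 0",
    "a=zrtp-hash:1.10 " + hashlib.sha256(SAMPLE_HELLO).hexdigest(),
])

if __name__ == "__main__":
    print("untouched Hello:", hello_matches_signalling(SAMPLE_SDP, SAMPLE_HELLO))
    print("altered Hello:  ", hello_matches_signalling(SAMPLE_SDP, SAMPLE_HELLO + b"x"))
    print("no attribute:   ", hello_matches_signalling("v=0\r\nm=audio 49170 RTP/AVP 0", SAMPLE_HELLO))
```

The result is only as trustworthy as the signalling channel that carried the attribute, so a match does not replace the spoken comparison Earl asks for when that channel is not integrity-protected end to end.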
