David Woolley spake unto us the following wisdom: > Ethan Blanton wrote: > >* ZRTP does not handle key exchange and authentication because the > > session initiation protocol does so on its behalf. > > If the Wikipedia article is correct, it is is of the essence of ZRTP > that it does these without the assistance of any session protocol. > THat is one way in which it differs from SRTP.
As I discussed off-list with Werner, I stated this poorly -- it negotiates the session key, but not an identity key. As such it makes no attempt to bind this session key to an authentication. If you want to authenticate the remote party, you rely on the session protocol to do so. Ethan
signature.asc
Description: Digital signature
_______________________________________________ [email protected] mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
