On 12/06/12 14:42, Simon McVittie wrote:
> Right now, the non-Text case includes VoIP, because the Jingle XEPs
> specify DTLS and SRTP as an optional security layer.

In Telepathy, this has an additional hurdle: half of the security handshake is performed by the CM, and the other half is performed by the UI (which typically delegates it to Farstream and libnice).

Unfortunately, there are two ways to do this: you can either use SRTP on its own, or DTLS and SRTP.

For plain SRTP, the CM would put information corresponding to the Jingle-RTP <encryption/> element in the MediaDescription, so that it could be fed to Farstream, which will do the crypto. This version is exactly as secure as the IM session: you have to trust the hop-by-hop security of the Jingle messages.

For DTLS + SRTP, as far as I can see, we get to design a new protocol closely resembling XTLS, then put the information corresponding to the XTLS <security/> element in the MediaDescription, so that it can be fed via Farstream to libnice to do the DTLS handshake, determining the key material for Farstream to use for SRTP?

S

_______________________________________________
telepathy mailing list
telepathy@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/telepathy