From 0049e182b977435a8728344b95ed38f5a07e29fb Mon Sep 17 00:00:00 2001
From: Peter Saint-Andre <stpeter@jabber.org>
Date: Wed, 22 Apr 2009 20:41:26 +0000
Subject: [PATCH] clarified handling of SRTP negotiation

git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@3079 4b5297f7-1745-476d-ba37-a9c6900126ab
---
 xep-0167.xml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/xep-0167.xml b/xep-0167.xml
index 0512ef87..e1362283 100644
--- a/xep-0167.xml
+++ b/xep-0167.xml
@@ -589,7 +589,8 @@ delivery-method=inline; configuration=somebase16string;
     inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:32
     session-params:KDR=1;UNENCRYPTED_SRTCP
   ]]></code>
-  <p>When the responder receives a session-initiate message containing an &lt;encryption/&gt; element, the responder MUST either (1) accept the offer by denoting one of the &lt;crypto/&gt; elements as acceptable (it does this by mirroring that &lt;crypto/&gt; element in its session acceptance) or (2) reject the offer by sending a session-terminate message with a Jingle reason of &lt;security-error/&gt; (typically with an RTP-specific condition of &lt;invalid-crypto/&gt;).</p>
+  <p>When the responder receives a session-initiate message containing an &lt;encryption/&gt; element with the 'required' attribute set to TRUE, the responder MUST either (1) accept the offer by denoting one of the &lt;crypto/&gt; elements as acceptable (it does this by mirroring that &lt;crypto/&gt; element in its session acceptance) or (2) reject the offer by sending a session-terminate message with a Jingle reason of &lt;security-error/&gt; (typically with an RTP-specific condition of &lt;invalid-crypto/&gt;).</p>
+  <p>If the 'required' attribute is set to FALSE (this is the default), depending on personal security policies or client configuration the responder SHOULD accept the offer if possible, but MAY simply proceed without encryption.</p>
   <example caption="Responder terminates session because of invalid crypto"><![CDATA[
 <iq from='juliet@capulet.lit/balcony'
     id='nv71c396'
@@ -625,9 +626,9 @@ delivery-method=inline; configuration=somebase16string;
   ]]></example>
   <p>If the initiator requires encryption but the responder does not include an &lt;encryption/&gt; element in its session acceptance, the initiator MUST terminate the session with a Jingle reason of &lt;security-error/&gt; and an RTP-specific condition of &lt;crypto-required/&gt;.</p>
   <example caption="Initiator terminates session because crypto is required"><![CDATA[
-<iq from='juliet@capulet.lit/balcony'
-    id='nv71c396'
-    to='romeo@montague.lit/orchard'
+<iq from='romeo@montague.lit/orchard'
+    id='ik3hs615'
+    to='juliet@capulet.lit/balcony'
     type='set'>
   <jingle xmlns='urn:xmpp:jingle:1'
           action='session-terminate'