mirror of https://github.com/moparisthebest/xeps synced 2024-11-25 02:32:18 -05:00

clarified handling of SRTP negotiation

git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@3079 4b5297f7-1745-476d-ba37-a9c6900126ab
Peter Saint-Andre 2009-04-22 20:41:26 +00:00
parent 0348fe003b
commit 0049e182b9

@ -589,7 +589,8 @@ delivery-method=inline; configuration=somebase16string;
inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:32 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:32
session-params:KDR=1;UNENCRYPTED_SRTCP session-params:KDR=1;UNENCRYPTED_SRTCP
]]></code> ]]></code>
<p>When the responder receives a session-initiate message containing an &lt;encryption/&gt; element, the responder MUST either (1) accept the offer by denoting one of the &lt;crypto/&gt; elements as acceptable (it does this by mirroring that &lt;crypto/&gt; element in its session acceptance) or (2) reject the offer by sending a session-terminate message with a Jingle reason of &lt;security-error/&gt; (typically with an RTP-specific condition of &lt;invalid-crypto/&gt;).</p> <p>When the responder receives a session-initiate message containing an &lt;encryption/&gt; element with the 'required' attribute set to TRUE, the responder MUST either (1) accept the offer by denoting one of the &lt;crypto/&gt; elements as acceptable (it does this by mirroring that &lt;crypto/&gt; element in its session acceptance) or (2) reject the offer by sending a session-terminate message with a Jingle reason of &lt;security-error/&gt; (typically with an RTP-specific condition of &lt;invalid-crypto/&gt;).</p>
<p>If the 'required' attribute is set to FALSE (this is the default), depending on personal security policies or client configuration the responder SHOULD accept the offer if possible, but MAY simply proceed without encryption.</p>
<example caption="Responder terminates session because of invalid crypto"><![CDATA[ <example caption="Responder terminates session because of invalid crypto"><![CDATA[
<iq from='juliet@capulet.lit/balcony' <iq from='juliet@capulet.lit/balcony'
id='nv71c396' id='nv71c396'
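
Review bot: the new paragraph for 'required' set to FALSE does not say how the responder signals that it is proceeding without encryption, or what it should do when none of the offered <crypto/> elements is acceptable. The rule further down has the initiator check whether the session acceptance includes an <encryption/> element, so state here that a responder proceeding unencrypted omits <encryption/> from its session acceptance, and say whether <security-error/> with <invalid-crypto/> is still permitted in the optional case. Because FALSE is the default, an offer of SRTP can end in an unencrypted session with no error on either side; a sentence advising clients to show the user that the session is unencrypted would help. Also consider giving the attribute's lexical values as they appear in the XML rather than TRUE and FALSE.
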
@ -625,9 +626,9 @@ delivery-method=inline; configuration=somebase16string;
]]></example> ]]></example>
<p>If the initiator requires encryption but the responder does not include an &lt;encryption/&gt; element in its session acceptance, the initiator MUST terminate the session with a Jingle reason of &lt;security-error/&gt; and an RTP-specific condition of &lt;crypto-required/&gt;.</p> <p>If the initiator requires encryption but the responder does not include an &lt;encryption/&gt; element in its session acceptance, the initiator MUST terminate the session with a Jingle reason of &lt;security-error/&gt; and an RTP-specific condition of &lt;crypto-required/&gt;.</p>
<example caption="Initiator terminates session because crypto is required"><![CDATA[ <example caption="Initiator terminates session because crypto is required"><![CDATA[
<iq from='juliet@capulet.lit/balcony' <iq from='romeo@montague.lit/orchard'
id='nv71c396' id='ik3hs615'
to='romeo@montague.lit/orchard' to='juliet@capulet.lit/balcony'
type='set'> type='set'>
<jingle xmlns='urn:xmpp:jingle:1' <jingle xmlns='urn:xmpp:jingle:1'
action='session-terminate' action='session-terminate'
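
Review bot: in the "Initiator terminates session because crypto is required" example, the swapped from/to and the new id='ik3hs615' now match the caption, but the log message mentions only SRTP negotiation handling, so this example correction is easy to miss; note it in the commit message or the revision history. Also check that the remainder of the stanza and any acknowledgement that follows this example (not visible in this hunk) use the same id and the reversed addresses.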