1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-21 16:55:07 -05:00
This commit is contained in:
stpeter 2011-04-12 07:54:10 -06:00
parent e19a14e9ba
commit 3c969729f7

View File

@ -18,13 +18,19 @@
<spec>XMPP Core</spec>
<spec>XEP-0166</spec>
<spec>XEP-0167</spec>
<spec>draft-zimmermann-avt-zrtp</spec>
<spec>RFC 6189</spec>
</dependencies>
<supersedes/>
<supersededby/>
<shortname>jingle-zrtp</shortname>
<discuss>jingle</discuss>
&stpeter;
<revision>
<version>0.3</version>
<date>2011-04-12</date>
<initials>psa</initials>
<remark><p>Updated reference to reflect publication of RFC 6189; clarified that inclusion of the hash is optional.</p></remark>
</revision>
<revision>
<version>0.2</version>
<date>2010-08-09</date>
@ -52,7 +58,7 @@
</header>
<section1 topic='Protocol' anchor='protocol'>
<p>&xep0167; recommends the use of the Secure Real-time Transport Protocol (SRTP) for end-to-end encryption of RTP sessions negotiated using &xep0166;. An alternative approach to end-to-end encryption of RTP traffic is provided by &zrtp;, developed by Phil Zimmermann, the inventor of "Pretty Good Privacy" (PGP). Although negotiation of ZRTP mainly occurs in the media channel rather than the signalling channel, the ZRTP specification defines one SDP attribute called "zrtp-hash" (this communicates the ZRTP version supported as well as a hash of the Hello message).</p>
<p>&xep0167; recommends the use of the Secure Real-time Transport Protocol (SRTP) for end-to-end encryption of RTP sessions negotiated using &xep0166;. An alternative approach to end-to-end encryption of RTP traffic is provided by &rfc6189;, developed by Phil Zimmermann, the inventor of "Pretty Good Privacy" (PGP). Although negotiation of ZRTP mainly occurs in the media channel rather than the signalling channel, the ZRTP specification defines one SDP attribute called "zrtp-hash" (this communicates the ZRTP version supported as well as a hash of the Hello message). Inclusion of this information is OPTIONAL in both SIP/SDP and Jingle.</p>
<p>The SDP format is shown below.</p>
<code>
a=zrtp-hash:zrtp-version zrtp-hash-value
@ -190,7 +196,7 @@ a=zrtp-hash:1.10 fe30efd02423cb054e50efd0248742ac7a52c8f91bc2df881ae642c371ba46d
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>Security considerations for ZRTP itself are provided in <cite>draft-zimmermann-avt-zrtp</cite>.</p>
<p>Security considerations for ZRTP itself are provided in <cite>RFC 6189</cite>.</p>
<p>XMPP stanzas such as Jingle session-info messages and service discovery exchanges are not encrypted or signed. As a result, it is possible for an attacker to intercept these stanzas and modify them, thus convincing one party that the other party does not support ZRTP and therefore denying the parties an opportunity to use ZRTP. However, because the zrtp-hash is mostly advisory, the parties could still use ZRTP even if the signalling channel is compromised.</p>
</section1>