From ce54970dd136a66d4025c707b5d0c21920cc4bbe Mon Sep 17 00:00:00 2001 From: Peter Saint-Andre Date: Sun, 5 Apr 2009 02:00:44 +0000 Subject: [PATCH] 0.17 git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@2980 4b5297f7-1745-476d-ba37-a9c6900126ab --- xep-0177.xml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/xep-0177.xml b/xep-0177.xml index ec7bbc89..a3de6848 100644 --- a/xep-0177.xml +++ b/xep-0177.xml @@ -27,6 +27,12 @@ &scottlu; &hildjj; &seanegan; + + 0.17 + 2009-04-04 + psa +

Removed security consideration about sending IP address before session acceptance, since that functionality is no longer supported.

+
0.16 2009-03-09 @@ -334,14 +340,6 @@ INITIATOR RESPONDER - -

By definition, the exchange of transport candidates results in exposure of the sender's IP addresses, which comprise a form of personally identifying information. A Jingle client MUST enable a user to control which entities will be allowed to receive such information. If a human user explicitly accepts a session request, then the client SHOULD consider that action to imply approval of IP address sharing. However, waiting for a human user to explicitly accept the session request can result in delays during session setup, since it is more efficient to immediately begin sharing transport candidates. Therefore, it is RECOMMENDED for the client to immediately send transport candidates to a contact (without waiting for explicit user approval of the session request) in the following cases:

-
    -
  1. The user has permanently and formally authorized the contact to view the user's presence information via a presence subscription as reflected in an XMPP roster item (see &xmppim;).
  2. -
  3. The user has temporarily and dynamically shared presence with the contact via "directed presence" as described in RFC 3921.
  4. -
  5. The user has explicitly added the contact to a "whitelist" of entities who are allowed to access the user's personally-identifying information.
  6. -
-

A Jingle implementation SHOULD support security preconditions that are enforced before application media is allowed to flow over a UDP association, such as those described in &xtls;.

Application types that use the Jingle Raw UDP transport method MAY also define their own application-specific encryption methods, such as the Secure Real-time Transport Protocol (SRTP) for RTP exchanges as described in &xep0167;.
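
Review bot: The 0.17 revision remark added in the first hunk (@@ -27,6 +27,12 @@) describes the change only as removing a "security consideration about sending IP address before session acceptance", but the text deleted in the second hunk also carries normative keywords: a MUST on user control over who receives IP addresses, a SHOULD on treating explicit acceptance as approval, and a RECOMMENDED on immediate sending. Suggest the remark state that these requirements were dropped, so an implementer reading the revision history can tell that conformance language changed and not only explanatory text.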
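
Review bot: In the second hunk (@@ -334,14 +340,6 @@), the first two deleted sentences do not depend on the pre-acceptance behaviour that the revision remark gives as the reason for removal. The statement that "the exchange of transport candidates results in exposure of the sender's IP addresses" is described as true by definition, and "A Jingle client MUST enable a user to control which entities will be allowed to receive such information" is a general privacy requirement. Suggest keeping those two sentences and deleting only the text from "If a human user explicitly accepts a session request" through the three-item list, or else pointing to where the IP address exposure is now covered, so the remaining security considerations (the &xtls; preconditions and SRTP) are not the only ones left for this transport.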