XMPP Video/VoIP encrypted?

Ethan Blanton elb at pidgin.im
Thu Jun 14 19:54:00 EDT 2012


David Woolley spake unto us the following wisdom:
> Ethan Blanton wrote:
> >* ZRTP does not handle key exchange and authentication because the
> >  session initiation protocol does so on its behalf.
> 
> If the Wikipedia article is correct, it is is of the essence of ZRTP
> that it does these without the assistance of any session protocol.
> THat is one way in which it differs from SRTP.

As I discussed off-list with Werner, I stated this poorly -- it
negotiates the session key, but not an identity key.  As such it makes
no attempt to bind this session key to an authentication.  If you want
to authenticate the remote party, you rely on the session protocol to
do so.

Ethan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: Digital signature
URL: <http://pidgin.im/pipermail/support/attachments/20120614/3265b241/attachment.pgp>


More information about the Support mailing list