XMPP Video/VoIP encrypted?
elb at pidgin.im
Thu Jun 14 19:54:00 EDT 2012
David Woolley spake unto us the following wisdom:
> Ethan Blanton wrote:
> >* ZRTP does not handle key exchange and authentication because the
> > session initiation protocol does so on its behalf.
> If the Wikipedia article is correct, it is is of the essence of ZRTP
> that it does these without the assistance of any session protocol.
> THat is one way in which it differs from SRTP.
As I discussed off-list with Werner, I stated this poorly -- it
negotiates the session key, but not an identity key. As such it makes
no attempt to bind this session key to an authentication. If you want
to authenticate the remote party, you rely on the session protocol to
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 482 bytes
Desc: Digital signature
More information about the Support