[Telepathy] Designing Telepathy/XMPP end-to-end security

Simon McVittie simon.mcvittie at collabora.co.uk
Wed Jun 13 05:59:09 PDT 2012


On 12/06/12 14:42, Simon McVittie wrote:
> Right now, the non-Text case includes VoIP, because the Jingle XEPs
> specify DTLS and SRTP as an optional security layer.

In Telepathy, this has an additional hurdle: half of the security
handshake is performed by the CM, and the other half is performed by the
UI (which typically delegates it to Farstream and libnice).

Unfortunately, there are two ways to do this: you can either use SRTP on
its own, or DTLS and SRTP.

For plain SRTP, the CM would put information corresponding to the
Jingle-RTP <encryption/> element in the MediaDescription, so that it
could be fed to Farstream, which will do the crypto. This version is
exactly as secure as the IM session: you have to trust the hop-by-hop
security of the Jingle messages.

For DTLS + SRTP, as far as I can see, we get to design a new protocol
closely resembling XTLS, then put the information corresponding to the
XTLS <security/> element in the MediaDescription, so that it can be fed
via Farstream to libnice to do the DTLS handshake, determining the key
material for Farstream to use for SRTP?

    S
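
Added example, not part of the original message and not Telepathy, Farstream or libnice code: a Python sketch of the plain-SRTP case described above, in which a CM reads the Jingle-RTP <encryption/> element and extracts the parameters it would pass on via the MediaDescription. It assumes the <crypto/> child layout and namespace from XEP-0167 and the SDES "inline" key format; the function name `srtp_offers` and the sample stanza are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

RTP_NS = "urn:xmpp:jingle:apps:rtp:1"  # Jingle RTP namespace (XEP-0167)

# Master key / master salt lengths in bytes per SDES crypto suite (RFC 4568).
SUITES = {
    "AES_CM_128_HMAC_SHA1_80": (16, 14),
    "AES_CM_128_HMAC_SHA1_32": (16, 14),
}

# Constructed sample: the "key" is just bytes 0..29, not real key material.
SAMPLE_KEY = base64.b64encode(bytes(range(30))).decode()
SAMPLE_DESCRIPTION = f"""
<description xmlns='{RTP_NS}' media='audio'>
  <encryption required='1'>
    <crypto tag='1' crypto-suite='AES_CM_128_HMAC_SHA1_80'
            key-params='inline:{SAMPLE_KEY}|2^20'/>
  </encryption>
</description>
"""


def srtp_offers(description_xml):
    """Return the SRTP parameters a CM would hand to the media stack."""
    desc = ET.fromstring(description_xml)
    enc = desc.find(f"{{{RTP_NS}}}encryption")
    if enc is None:
        return []  # no <encryption/>: the call is plain RTP
    offers = []
    for crypto in enc.findall(f"{{{RTP_NS}}}crypto"):
        suite = crypto.get("crypto-suite")
        method, _, rest = crypto.get("key-params", "").partition(":")
        if suite not in SUITES or method != "inline":
            continue  # unknown suite or key method: ignore this offer
        key_len, salt_len = SUITES[suite]
        blob = base64.b64decode(rest.split("|")[0])  # master key || master salt
        if len(blob) != key_len + salt_len:
            raise ValueError("key||salt has the wrong length for " + suite)
        offers.append({
            "tag": crypto.get("tag"), "suite": suite,
            "required": enc.get("required") in ("1", "true"),
            "master_key": blob[:key_len], "master_salt": blob[key_len:],
        })
    return offers


if __name__ == "__main__":
    print(srtp_offers(SAMPLE_DESCRIPTION))
```

The master key and salt come straight out of the signalling stanza, so every hop that can read the Jingle message can read them too.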

