Subject: [jitsi~svn:9769] Adds SDES for XMPP. Works with Jingle and GTalk
(only for gmail web app,
Date: 2012-08-02 08:53:41 UTC
Adds SDES for XMPP. Works with Jingle and GTalk (only for gmail web app,
doesn not work on "talk" for android).
Great to see the SDES support expanded to Jingle!
I have some comments/questions on your patch:
Would it help to have some of the code from this class in the SDES-Library? E.g. to avoid code duplication as the initialize and toSrtpCryptoAttribute methods particularly look like something that assembles information into/from strings which are defined by RFC4568.
Indeed, it would help. For example, it would be interesting to add to the SrtpCryptoAttribute at least the 4 following functions:
- public String getKeyParamsString()
// returns a string representation of the list of key params separated // by ";".
- public String getSessionParamsString()
// returns a string representation of the list of session params
// separated by " ".
- public void setKeyParamsString(String keyParamsString)
// Parses the keyParamsString using the ";" separator in order to get
// a SrtpKeyParam list and store it as the keyParams attribute.
- public void setSessionParamsString(String sessionParamsString)
// Parses the sessionParamsString using the " " separator in order to
// get a SrtpSessionParam list and store it as the sessionParams
For the SDes library, these functions can be used inside
"CryptoAttribute.create" and "CryptoAttribute.encode"
- Order of added Crypto Controls in SIP
I can't currently test your modifications, but from memory and looking at CallPeerMediaHandlerSipImpl (@@ -586,8 +588,10 @@) it seems that ZRTP now has preference over SDES. The order of updating the media description matters. The new order causes that SDES is now only enabled if the default encryption is disabled or if the extreme rare case of adding the zrtp-hash to the SDP fails.
True, if both ZRTP and SDes are available, then ZRTP is chosen by default. SDes is only used if at least one peer has disabled the "Indicate support of ZRTP in signaling protocol".
I do not have enough knowledge to judge which encryption is more "robust" than the other. But, the only point I understand is that SDes security is pointless if the signaling protocol is not encrypted (which the situation with most of my SIP providers). If SDes (for any good reason) is preferable than ZRTP, maybe we can discuss of a new behavior such as:
- If both ZRTP and SDes are available and the signaling protocol is unsecure, then select ZRTP.
- If both ZRTP and SDes are available and the signaling protocol is secure, then select SDes.
This question (of ZRTP preference) is also raised for XMPP. Although, SDes for XMPP does not work yet in every case: for example, it will works for GTalk with the gmail web app, but not with "Talk" (the android implementation).
This is only from looking at the commit, so I'm sorry if I came up with wrong conclusions.
Thank you for this review Ingo. Any question, remark or discussion is always welcome.
On 08/02/2012 08:59 PM, Ingo Bauersachs wrote:
Vincent Lucas, Ph.D. Jitsi developer