On Fri, Sep 6, 2013 at 7:07 AM, Hannes Tschofenig <[email protected] > wrote:
> On 06.09.2013 13:30, Stewart Bryant wrote: > >> Tell me what the IETF could be doing that it isn't already doing. >> > It really depends where you see the boundaries of the IETF. > > For some the IETF only produces documents and that's it. Clearly, we have > a lot of specification work ongoing in different areas that helps to > mitigate various security vulnerabilities. This ranges from recent work on > XMPP end-to-end security (as in http://tools.ietf.org/html/** > draft-miller-3923bis-02<http://tools.ietf.org/html/draft-miller-3923bis-02>) > all the way to the recent RTCWEB discussions on using DTLS-SRTP as a key > management protocol. > If we took protection against MitM attacks seriously, we would be using ZRTP for RTCWEB instead of DTLS-SRTP. See http://tools.ietf.org/html/draft-johnston-rtcweb-zrtp - Alan -
