On Fri Aug 9 09:42:49 2013, Fabio Pietrosanti (naif) wrote: > To be true, i invested 4 weeks of trolling on IETF WebRTC mailing list > sustaining the need to support "also SDES" in order to provide > interoperability with existing VoIP world from day 1.
::) I think I'm solidly with EKR on this... and this is a valuable 15 minute presentation on the "no SDES" argument: http://recordings.conf.meetecho.com/Recordings/watch.jsp?recording=IETF87_RTCWEB&chapter=part_4 > When i unsubscribed from the DTLS-SRTP mailing, the WebRTC standard was > WITH "end-to-end" encryption but WITHOUT end-to-end-authentication > (relying on the server to provide authentication means for user > fingerprint, de-facto allowing MITM). > > Which is the current status for fingerprint verification of DTLS-SRTP > calls? Does it still rely on server? Alas, I have lost track of this... maybe someone else close to how it's evolved can chime in? best, Joe -- Joseph Lorenzo Hall Senior Staff Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 [email protected] PGP: https://josephhall.org/gpg-key fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8 -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
