On Fri, Sep 6, 2013 at 7:07 AM, Hannes Tschofenig <hannes.tschofenig@xxxxxxx> wrote:
On 06.09.2013 13:30, Stewart Bryant wrote:
Tell me what the IETF could be doing that it isn't already doing.It really depends where you see the boundaries of the IETF.
For some the IETF only produces documents and that's it. Clearly, we have a lot of specification work ongoing in different areas that helps to mitigate various security vulnerabilities. This ranges from recent work on XMPP end-to-end security (as in http://tools.ietf.org/html/draft-miller-3923bis-02) all the way to the recent RTCWEB discussions on using DTLS-SRTP as a key management protocol.
If we took protection against MitM attacks seriously, we would be using ZRTP for RTCWEB instead of DTLS-SRTP. See
- Alan -