[jdev] Jingle e2e session establishment and security
Suresh Kumar
sureshkumar.pp at gmail.com
Thu Dec 10 11:39:39 CST 2009
Hello,
A little background: I am studying the possibility of applying XMPP
to a problem (the problem being connecting two entities, over the
Internet, which are located in two different private networks, behind
NATs). So XMPP + Jingle appears to be a natural solution for this kind
of problem.
The requirement is: an end-to-end byte stream consisting of multiple
transport options, along with end-to-end security. Since there is no
ICE-TCP (i.e., "urn:xmpp:jingle:transports:ice-tcp"), I will define a
custom transport method which will use its own NAT traversal, say that
will be in the "urn:xmpp:jingle:transports:my-transport:0" xmlns, for the
time being.
I have been going through various XEPs and found that I have the
following options:
* Define a new app type in, say "urn:xmpp:jingle:apps:my-app:0" and
use the transport "urn:xmpp:jingle:transports:my-transport:0" with
the security tag "urn:xmpp:jingle:security:xtls:0" as defined in
XEP-0166[fn:1] and [fn:3]. If for some reason my-transport fails, it
would call "transport-replace" with
"urn:xmpp:jingle:transports:s5b:1" which in turn, on failure will
fall back to "urn:xmpp:jingle:transports:ibb:0". This just follows
the suggestions from XEP-0166[fn:2], defines new "what" type and
"how" type, and uses Jingle notions for overall session management.
Ex:
,----
| <iq from='romeo at montague.lit/orchard'
| id='zyw6m167'
| to='juliet at capulet.lit/balcony'
| type='set'>
| <jingle xmlns='urn:xmpp:jingle:1'
| action='session-initiate'
| initiator='romeo at montague.lit/orchard'
| sid='a73sjjvkla37jfea'>
| <content creator='initiator' name='something'>
| <description xmlns='urn:xmpp:jingle:apps:my-app:0' />
| <transport xmlns='urn:xmpp:jingle:transports:my-transport:0'
| sid='vj3hs98y' />
| <security xmlns='urn:xmpp:jingle:security:xtls:0'>
| <fingerprint algo='sha1'>RomeoX509CertSHA1Hash</fingerprint>
| <method name='x509'/>
| </security>
| </content>
| </jingle>
| </iq>
`----
* Or just hack up the XEP-0234(Jingle File Transfer) to use a new
transport method "urn:xmpp:jingle:transports:my-transport:0".
I would appreciate it if you could share your views on this approach, and
also possibly suggestions on any other alternate methods which I
failed to envisage.
Thanks for your time,
Suresh
Footnotes:
[fn:1] http://xmpp.org/extensions/xep-0166.html#preconditions
[fn:2] http://xmpp.org/extensions/xep-0166.html#concepts
[fn:3] http://tools.ietf.org/html/draft-meyer-xmpp-e2e-encryption-02
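As an added illustration, not part of the post above or of any XEP reference implementation, the following Python builds the session-initiate stanza from the post (same namespaces, including the hypothetical "my-app" and "my-transport" ones), walks the transport fallback chain my-transport -> s5b -> ibb for transport-replace, and checks a presented X.509 certificate (constructed DER placeholder bytes here) against the SHA-1 fingerprint advertised in the xtls <security/> element. The parse and fingerprint functions are assumptions about how a receiving endpoint would consume the stanza, not an API of any library.

```python
"""Constructed example: Jingle session-initiate / transport-replace stanzas with an
xtls fingerprint, plus the fallback chain and fingerprint check a receiver needs."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS_JINGLE = "urn:xmpp:jingle:1"
NS_APP = "urn:xmpp:jingle:apps:my-app:0"            # hypothetical app namespace from the post
NS_XTLS = "urn:xmpp:jingle:security:xtls:0"
NS_MY = "urn:xmpp:jingle:transports:my-transport:0"  # hypothetical transport from the post
NS_S5B = "urn:xmpp:jingle:transports:s5b:1"
NS_IBB = "urn:xmpp:jingle:transports:ibb:0"

# Fallback order from the post: custom transport, then SOCKS5 bytestreams, then in-band.
TRANSPORT_CHAIN = [NS_MY, NS_S5B, NS_IBB]


def next_transport(current):
    """Transport to propose via transport-replace after `current` fails, or None when
    the chain is exhausted (the session should then be terminated, not downgraded)."""
    idx = TRANSPORT_CHAIN.index(current)
    return TRANSPORT_CHAIN[idx + 1] if idx + 1 < len(TRANSPORT_CHAIN) else None


def cert_fingerprint(cert_der):
    """SHA-1 hex digest of a DER-encoded certificate, the value carried in
    <fingerprint algo='sha1'/>."""
    return hashlib.sha1(cert_der).hexdigest()


def fingerprint_matches(cert_der, advertised_hex):
    """Constant-time comparison of the certificate the TLS peer presented against the
    fingerprint signalled in Jingle; a mismatch means the byte stream is not bound to
    the party that sent the session-initiate."""
    return hmac.compare_digest(cert_fingerprint(cert_der), advertised_hex.strip().lower())


def build_content(transport_ns, transport_sid, fingerprint_hex=None):
    """<content/> for session-initiate (with description and security) or, when
    fingerprint_hex is None, the transport-only <content/> used by transport-replace."""
    content = ET.Element("content", {"creator": "initiator", "name": "something"})
    if fingerprint_hex is not None:
        ET.SubElement(content, "description", {"xmlns": NS_APP})
    ET.SubElement(content, "transport", {"xmlns": transport_ns, "sid": transport_sid})
    if fingerprint_hex is not None:
        sec = ET.SubElement(content, "security", {"xmlns": NS_XTLS})
        fp = ET.SubElement(sec, "fingerprint", {"algo": "sha1"})
        fp.text = fingerprint_hex
        ET.SubElement(sec, "method", {"name": "x509"})
    return content


def build_jingle_iq(action, iq_id, frm, to, sid, content):
    """Wrap a <content/> in <iq type='set'><jingle action=.../> and serialise it."""
    iq = ET.Element("iq", {"from": frm, "id": iq_id, "to": to, "type": "set"})
    jingle = ET.SubElement(iq, "jingle", {"xmlns": NS_JINGLE, "action": action,
                                          "initiator": frm, "sid": sid})
    jingle.append(content)
    return ET.tostring(iq, encoding="unicode")


def parse_offer(stanza_xml):
    """Receiver side: pull action, sid, transport namespace and advertised fingerprint
    out of a stanza. ElementTree folds xmlns declarations into {ns}tag names, so the
    transport namespace is recovered from the tag of the <transport/> child."""
    root = ET.fromstring(stanza_xml)
    jingle = root.find(f"{{{NS_JINGLE}}}jingle")
    content = jingle.find(f"{{{NS_JINGLE}}}content")
    transport_ns = None
    for child in content:
        if child.tag.endswith("}transport"):
            transport_ns = child.tag[1:].rsplit("}", 1)[0]
    fp = content.find(f"{{{NS_XTLS}}}security/{{{NS_XTLS}}}fingerprint")
    return {"action": jingle.get("action"), "sid": jingle.get("sid"),
            "transport": transport_ns, "fingerprint": fp.text if fp is not None else None}


if __name__ == "__main__":
    romeo_cert = b"constructed placeholder, not a real DER certificate"
    offer = build_jingle_iq("session-initiate", "zyw6m167", "romeo@montague.lit/orchard",
                            "juliet@capulet.lit/balcony", "a73sjjvkla37jfea",
                            build_content(NS_MY, "vj3hs98y", cert_fingerprint(romeo_cert)))
    print(offer)
    parsed = parse_offer(offer)
    print("peer cert pinned:", fingerprint_matches(romeo_cert, parsed["fingerprint"]))
    print("fallback after my-transport:", next_transport(parsed["transport"]))
```

The receiver keeps the fingerprint from the session-initiate and compares it against the certificate actually presented when the xtls handshake runs over whichever transport ends up being used, so a transport-replace down to s5b or ibb does not loosen the identity binding.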