[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] setting up secure calling with linphone

From: BIENKOWSKI Guillaume
Subject: Re: [Linphone-developers] setting up secure calling with linphone
Date: Mon, 1 Dec 2014 11:34:15 +0100

Hello back Hans,

I checked the code in iOS to implement the url encoding as you suggested, and figured out that I was wrong in the first place, like you said.


We include the "http[s]://" into the URL spec for iOS.

On android, the scheme is still linphone-config://, and after discussions here, we will adopt it with escaping across mobile platforms for consistency.

I'll implement the changes on iOS, so you should expect the next release to be provisionable with an url like this:


We will implement the decoding of the URL in Android as well, so next release should also be compatible.

Thanks for your feedback!


On Fri, Nov 28, 2014 at 10:24 AM, Hans-Christoph Steiner <address@hidden> wrote:

Android definitely supports registering URL schemes, it is a common thing for
an app to do. I'm happen to implement this one we get a couple details ironed
out.  First, the URI format should follow the RFCs about how to format URIs
(  Otherwise, most apps like browsers,
etc. will not correctly parse it.  Apps will need to write custom code for
handling this URI, which kind of defeats the purpose of using a URI.  For
example, my email client only parsed this part as a clickable URI:

Here are the standard parts of a "hierarchical" URI (i.e. a URI that has "://"
in it):

The linphone config URI is incorrect because it has two schemes, which is not

If you want to embed a complete https URI in this config URI, then the
embedded URI will need to be encoded, so it could be something like:

Using only ":" instead of "://" makes it an "opaque" URI, that just provides a
clickable blob of data.  But since the scheme already includes the protocol to
use ("https"), that can be used as the scheme:

One thing that the Android URI pattern matcher can do is match URIs based on
combinations of scheme, authority, and path. That means no special scheme is
needed. So something like this as a regex:


Great that you got things into transifex, we get a lot of volunteer
contributions from it.  I'll point the OTF translators towards your Transifex.


> Hello Hans-Christopher,
> We recently set up a transifex account for all translations!
> You will be able to enhance the russian version if your translators have
> the time to do it.
> For the remote provisioning, it is actually possible through the wizard. It
> is the last option in the list that you are presented at first boot, and
> the provisioning file is a simple XML derived from the format of the
> LinphoneRC file.
> An very simple example which should work for you:
> <?xml version="1.0" encoding="UTF-8"?>
> <config xmlns="" xmlns:xsi="
>" xsi:schemaLocation="
> lpconfig.xsd">
>   <section name="proxy_default_values">
>     <entry name="reg_proxy">;transport=tls</entry>
>     <entry name="reg_route">;transport=tls;lr</entry>
>     <entry name="reg_identity">sip:address@hidden</entry>
>     <entry name="reg_expires">3600</entry>
>     <entry name="reg_sendregister">1</entry>
>   </section>
>   <section name="sip">
>     <entry name="media_encryption">zrtp</entry>
>   </section>
> </config>
> Just host an XML (or dynamically generate it) somewhere and send the URL to
> your user.
> There's even an automatic provisioning URI on iOS (I'm not sure for
> Android): clicking a link that starts with: linphone-config-https:// will
> automatically launch linphone and provision the URL passed as argument.
> For instance, you could send the user this link:
> linphone-config-https://
> And if the user clicks on it from an email for instance, it will launch
> Linphone and grab the provisioning to set up linphone.
> Best regards,
> *Guillaume BIENKOWSKI*
> *
> <>*
> *sip:address@hidden <address@hidden>*
> On Thu, Nov 27, 2014 at 11:45 AM, Hans-Christoph Steiner <
> address@hidden> wrote:
>> I just wanted to relay some of my experience using Linphone as a secure
>> calling platform.  I just set up a bunch of people in Central and Eastern
>> Europe with using Linphone on Android and iOS. Overall,
>> it
>> went quite smoothly.  There were just the three settings that needed to be
>> changed (TLS, Outbound Proxy, and ZRTP).  I think the biggest barrier to
>> people was the language.  For example, many Eastern Europeans would do
>> better
>> with Russian than English, but English is second choice on Android if an
>> app
>> doesn't have the current language.
>> I've done a lot with Transifex, so I'm happy to help set that up. When you
>> use
>> the 'transifex-client' app called 'tx', then it is really easy to sync the
>> files between git and Transifex. Also, the Open Tech Fund
>> ( has a pool of translators that we work
>> with,
>> and I'd be happy to add linphone as an app that they translate.
>> Based on this experience, I asked to recommend Linphone
>> for
>> Android and iOS.  I've been using Linphone for a while now on Android and
>> it
>> seems to work well.
>> In a related note, I saw that it is possible to provision Jitsi using a
>> URL.
>> That would be awesome to have for Linphone as well.  For ostel, all that
>> would
>> be needed is to set username, domain, TLS, Outbound Proxy, and ZRTP.
>> Maybe it
>> makes sense to also set the password via the URL.  Then the user would
>> install
>> Linphone on their device, sign up on or
>>, then scan the QR Code, and make a call!
>> If we managed to get's SIP service setup matching OSTN
>> standards
>> (solid TLS, good ZRTP support, privacy policy that describes logging, etc),
>> and federating with OSTN, then we could have the easy one-stop service to
>> tell
>> people to use.  We can say "use linphone to make secure calls".
>> .hc
>> --
>> PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
>> _______________________________________________
>> Linphone-developers mailing list
>> address@hidden
> _______________________________________________
> Linphone-developers mailing list
> address@hidden

PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

Linphone-developers mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]