[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] Question when using media encryption on linpho

From: David Santiago
Subject: Re: [Linphone-developers] Question when using media encryption on linphone android
Date: Fri, 10 Apr 2020 14:55:05 +0000

Thanks for explanation! Very helpful!There's no warning whatsoever, so
that is why i was confused. I will not make the media encryption as
mandatory :-)

Best regards,
David Santiago

Greg Troxel <address@hidden> escreveu no dia sexta, 10/04/2020 à(s) 14:10:
> David Santiago <address@hidden> writes:
> > I just noticed that when i have set the option mandatory media
> > encryption[1] and i call address@hidden, the call is
> > [1] - Settings Call -> media encryption -> ZRTP and media encryption
> > mandatory set to true.
> (This is the key point, so I rescued it from the footnote!)
> > established, but i don't have any sound (i don't hear anything). If i
> > finish the call and disable the media encryption i then i call back, i
> > will get sound.
> I am not surprised.  ZRTP does key exchange and then encryption within
> the media stream.  This is great because it works e2e despite the media
> being perhaps carried by intermediate sip routers or nat proxies (e.g
> TURN).
> Howver, ZRTP is generally implemented only in human-facing SIP
> endpoints.  This seems to be partly because of a notion that humans have
> to check the short authentication string.  So the test URI not doing
> ZRTP is unsurprising.
> > Is this the expected behaviour?
> It's not exactly what I expect, but close.   It is good that your phone
> doesn't send audio (am guessing) in the clear; that's what "require"
> means.  And it's good that the arriving audio is not played, because the
> point of require is "if it isn't encrypted like I asked, don't function,
> so that failure to encrypt will lead to a noticeable failure to
> communicate, rather than a silent and undetectable change to no
> encryption".
> However, I think the notification to you that encryption failed should
> be much louder and stronger.  Basically  some kind of huge banner in the
> UI like "encryption required -- blocking audio".
> Overall, requiring ZRTP is a choice to only interoperate with others
> than can do it.  That makes sense if you are using SIP as a private chat
> mechanism.  But it doesn't make sense if you are trying to use linphone
> as an extension on a PBX.
> Probably  there should be some per-addressbook-entry for requiring
> For SRTP flavors, I see those as more useful for securing a
> softphone<>PBX connection.  But, with TLS signalling, they could also
> encrypt media, providing significant protection even if the keys are
> exposed to the signalling nodes.   (I am not really clear on the details
> of this yet, so take my SRTP comments with a grain of salt.)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]