linphone-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.


From: Lluís Batlle i Rossell
Subject: Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.0
Date: Wed, 10 Jul 2013 14:47:23 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

On Wed, Jul 10, 2013 at 12:30:06PM +0200, Guillaume Beraudo wrote:
> I was indeed able to compile zrtpcpp with ccrtp.
> However, in Linphone, we don't use ccrtp stack but ortp.
> 
> It may not be a big deal to compile with ccrtp on GNU/Linux, but on other
> platforms it would be unnecessary dependencies.

Ok.

> I am also surprised that you managed compiling ortp without patching as
> zrtpcpp API has changed:
> in zrtp.c:725:3: error: too few arguments to function 
> 'zrtp_processZrtpMessage'

We have this combination, and it works fine:
ucommon-6.0.5
ccrtp-2.0.3
libzrtpcpp-2.3.4
ortp-0.22.0

Maybe I miss something?

> On Wed, Jul 10, 2013 at 12:11:21PM +0200, Lluís Batlle i Rossell wrote:
> > On Wed, Jul 10, 2013 at 11:36:17AM +0200, Guillaume Beraudo wrote:
> > > The 3.6.0 release links on an old version of libzrtpcpp.
> > > 
> > > I cloned zrtpcpp master and observed that it would need work
> > > to use the latest zrtpcpp version.
> > > 
> > > It used to be possible to compile zrtpcpp without ccrtp.
> > > I couldn't manage to do it with this version; perhaps the new way require
> > > to move our ortp glue code directly in zrtpcpp.
> > 
> > In nixpkgs on GNU/Linux, we build linphone 3.6.1 with the latest libccrtp 
> > and
> > libzrtcpp without trouble. I don't have any patch for them, I didn't need 
> > it.
> > 
> > We use this recipe:
> > https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/instant-messengers/linphone/default.nix
> > 
> > Regards,
> > Lluís.
> > 
> > 
> > > On Tue, Jul 09, 2013 at 05:02:04PM +0000, JC wrote:
> > > > does the newest stable release (3.6.0) contain the updated libzrtpcpp 
> > > > which does not contain these vulnerabilities: 
> > > > http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html
> > > >  
> > > > 
> > > > if 3.6.0 is still effected by the security flaws, what version of 
> > > > linphone will have them fixed,when will you release it?
> > > > 
> > > > 
> > > > 
> > > > On Monday, July 08, 2013 at 7:26 AM, "Guillaume Beraudo" 
> > > > <address@hidden> wrote:
> > > > >
> > > > >Hi,
> > > > >
> > > > >> >Open settings to enable TLS and ZRTP.
> > > > >> >The SAS will be displayed next to a lock pictogram in the 
> > > > >incall 
> > > > >> >view.
> > > > >
> > > > >> when these things are set enable and you see the SAS displayed 
> > > > >then conversation is end to end encrypted?
> > > > >
> > > > >At that point the conversation will be encrypted, both audio and 
> > > > >video.
> > > > >However, you are responsible as a participant to check the SAS and 
> > > > >authentify
> > > > >the peer you are communicating with.
> > > > >
> > > > >If picto, SAS and remote peer authentication are handled 
> > > > >correctly, then you can be
> > > > >sure that the communication is trully end-to-end encrypted.
> > > > >
> > > > >In this case both participants should validate the SAS which will 
> > > > >allow automatic
> > > > >checking for future communications with the same peer.
> > > > >
> > > > >
> > > > >Cheers,
> > > > >Guillaume
> > > > >
> > > > >On Fri, Jul 05, 2013 at 11:41:52AM +0000, JC wrote:
> > > > >> when these things are set enable and you see the SAS displayed 
> > > > >then conversation is end to end encrypted?
> > > > >> 
> > > > >> 
> > > > >> >Hi,
> > > > >> >
> > > > >> >ZRTP is present in release 3.6.0.
> > > > >> >However, version 3.6.1 has been released without ZRTP, by error.
> > > > >> >
> > > > >> >Open settings to enable TLS and ZRTP.
> > > > >> >
> > > > >> >The SAS will be displayed next to a lock pictogram in the 
> > > > >incall 
> > > > >> >view.
> > > > >> >
> > > > >> >
> > > > >> >Guillaume
> > > > >> >
> > > > >> >
> > > > >> >On Thu, Jul 04, 2013 at 08:17:23PM +0000, address@hidden 
> > > > >wrote:
> > > > >> >> > There are several choices:
> > > > >> >> > - TLS + srtp: the encryption is done using the certificate 
> > > > >on 
> > > > >> >the server;
> > > > >> >> > - ZRTP: the conversations are truly encrypted end-to-end 
> > > > >and 
> > > > >> >requires
> > > > >> >> > participants to check the SAS.
> > > > >> >> 
> > > > >> >> how do you check the sas as windows user using your free sip 
> > > > >> >servcice?
> > > > >> >> 
> > > > >> >> > As a consequence, even when using ZRTP you should still be 
> > > > >> >using TLS signaling 
> > > > >> >> > encryption.
> > > > >> >> 
> > > > >> >> how do you enable tls and zrtp is this enabled on default 
> > > > >when 
> > > > >> >using windows version with your sip service?
> > > > >> >> 
> > > > >> >> 
> > > > >> >> >> is there a portable version of linphone that is self 
> > > > >> >contained?
> > > > >> >> > On wich platform?
> > > > >> >> 
> > > > >> >> Windows
> > > > >> >> 
> > > > >> >> 
> > > > >> 
> > > > >> 
> > > > >> _______________________________________________
> > > > >> Linphone-users mailing list
> > > > >> address@hidden
> > > > >> https://lists.nongnu.org/mailman/listinfo/linphone-users
> > > > >
> > > > >_______________________________________________
> > > > >Linphone-users mailing list
> > > > >address@hidden
> > > > >https://lists.nongnu.org/mailman/listinfo/linphone-users
> > > > 
> > > > 
> > > > _______________________________________________
> > > > Linphone-users mailing list
> > > > address@hidden
> > > > https://lists.nongnu.org/mailman/listinfo/linphone-users
> > > 
> > > _______________________________________________
> > > Linphone-users mailing list
> > > address@hidden
> > > https://lists.nongnu.org/mailman/listinfo/linphone-users
> > 
> > _______________________________________________
> > Linphone-users mailing list
> > address@hidden
> > https://lists.nongnu.org/mailman/listinfo/linphone-users
> 
> _______________________________________________
> Linphone-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/linphone-users



reply via email to

[Prev in Thread] Current Thread [Next in Thread]