[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Linphone-users] hardware with secure key for linphone
|
From: |
Stuart D Gathman |
|
Subject: |
Re: [Linphone-users] hardware with secure key for linphone |
|
Date: |
Tue, 5 May 2020 09:57:00 -0400 (EDT) |
|
User-agent: |
Alpine 2.21 (LRH 202 2017-01-01) |
On Mon, 4 May 2020, Louis Holbrook wrote:
I'm thinking of end-to-end encryption here, of course.
To get end-to-end, ditch the SIP server and use linphone (and any other
IPv6 compatible SIP phone) in peer to peer mode with an IPv6 VPN like
Cjdns or Yggdrasil. Use the IPv6 address as the "phone number"
in your address book. It really is slick. I need to get a recent
version going on Fedora to check if anything is broken since 3.6.1.
The Cjdns IPs are a hash of the public key of the node, so are
authenticated to prevent spoofing and man in the middle. Packets
are end to end encrypted. It is a mesh VPN, but relays are untrusted
and have no access to cleartext.
It is probably possible to support true end-to-end using an untrusted SIP
server, but you really don't need sip servers with IPv6 unless you are
doing conferencing or something.