From: Sylvain Berfini
Subject: Re: [Linphone-users] Are Linphone chat communications encrypted?
Date: Wed, 5 May 2021 13:31:32 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1

Hi Greg,
Actually for the chat it's not ZRTP that is being used (as it indeed would require a call to send data in an RTP stream, which we do but only for real time text).
We have developed an IM E2E encryption module named LIME (Linphone Instant Messaging Encryption) but which is related to ZRTP: https://www.linphone.org/technical-corner/lime
Cheers,
Sylvain Berfini Software Engineer @ Belledonne Communications
Sylvain Berfini <sylvain.berfini@belledonne-communications.com> writes:

> Indeed you can use Linphone for E2E encrypted chat if both participants are using Linphone and if you are using our sip.linphone.org proxy server. In the app, simply toggle the green shield on to enable E2E encrypted chat. Check our website for more info: https://linphone.org/secure-communications

I am not following this explanation and data flow. If you mean that clicking on shield turns on ZRTP, that makes sense. As I understand it, that not only applies to the media stream but the key negotiation is inband within RTP so the intermediate SIP entities do not have to have any support for ZRTP, just the two endpoints.

As I understand it, chat is carried in the signaling channel, and thus two people each of whom is using Linphone as client and sip.linphone.org as proxy server will each have a TLS connection to the proxy, but the chat will exist in cleartext within the proxy. This is analogous to XMPP where each person connects over TLS (to the same server).

(I'm ignoring VPN approaches, because while they have a lot of merit, "Run app X over host-based VPN and now X is e2e encrypted" isn't about app X. Also, it isn't really on point for people that don't want to or can't pivot their entire world -- and the worlds of everyone they talk to -- to always-p2-VPN. In the real world, I find getting others to install Signal instead of using SMS to be difficult.)

For SIP chat, the only methods I am aware of for e2e encryption are OTR and OMEMO, both of which perform key negotiation within the chat channel and send ciphertext using that channel.

So Sylvain: can you clarify: Do you really mean chat being end-to-end encrypted, with no plaintext appearing at any intermediate node, for chat? If so, do you mean that the chat is somehow encrypted with ZRTP, or uses some other protocol?

https://linphone.org/secure-communications

It would be nice to update this page to have a nerd-facing accurate discussion of the crypto situation, specifically addressing ZRTP and the scope of what it covers. Perhaps the only point of confusion in my mind is about how chat is handled.

Greg
_______________________________________________ Linphone-users mailing list Linphone-users@nongnu.org https://lists.nongnu.org/mailman/listinfo/linphone-users