Re: How robust is SpeakFreely?

2002-12-22 Thread Eugen Leitl
As a user of SpeakFreely (7.2 on Windows, still can't get my USB headset 
to work properly with SF 7.3 on Linux) I've got the following three items 
on my wish list. (Hey, I wasn't naughty this year. Honest).

1) built-in PKI support, with fallback to clear. Right now it uses some 
   obscure PGP version, and probably doesn't even ask key servers. In
   practice it's much easier to agree on an IDEA or Blowfish key -- but it's
   not an out of band communication, and if you don't switch to the same
   key synchronously one party is going to have her eardrums blasted with
   LOUD digital noise. I think it would be simplest to use SSL, with 
   PGP (7.2 doesn't support GPG apparently) support left in for those 
   parties who need it.

   I must stress that currently using crypto means:

   1) people asking you to do some complicated operations on your end,
      while you're unsure why (you just wanted to talk, why does this
      other party ask me this for? what are his motives?)
   2) using some rather technical lingo (have you ever tried explaining
      what cryptography is to a housewife from the Emirates? And why she
      possibly can get in trouble using it? (She doesn't, I looked up the
      crypto regulations for her country)).
   3) if you comply, you get blasted with LOUD SCARY NOISE

   As you can see, there's some heavy negative conditioning at work here, 
   making the average user associate crypto with pushy geeks asking you to 
   do technical stuff at your end and then get blasted by scary loud noise 
   for your pains. Ugh, not again, thanks.

2) Voice Activation with default threshold set to zero as default. 
   Push-to-talk is annoying as hell, and should be the optional mode, not
   the other way round.

3) A realtime display of current lag time (bar and/or numeric) would be 
   very nice. 
   Lag is unpredictable, and varies over time. Ping/pong protocol at meat
   level is very annoying, especially if one has to instruct some 
   clueless party on the other end first, through a link that doesn't
   work like your average phone.
 
4) Did I say three? Four, FOUR things. Even with current small user 
   community one will frequently get talked to by new users debugging their
   setup (see points 2-3 to make it easier), or some teenagers who're out
   to annoy. It would be nice to have a realtime public "phonebook" with
   geographical separations, and ability to block connections from some
   parties.

   This point is currently very unimportant, though.

On Sat, 21 Dec 2002, Thomas Shaddack wrote:

> http://www.speakfreely.org/ is a nice, open-source cross-platform VoIP
> software. Supports encryption by DES, Blowfish, and IDEA.
> 
> Has anyone knowledgeable ever looked at its code? How secure is this
> implementation? Is it better to use Blowfish or IDEA? Where are the
> potential holes there?




How robust is SpeakFreely?

2002-12-21 Thread Thomas Shaddack

http://www.speakfreely.org/ is a nice, open-source cross-platform VoIP
software. Supports encryption by DES, Blowfish, and IDEA.

Has anyone knowledgeable ever looked at its code? How secure is this
implementation? Is it better to use Blowfish or IDEA? Where are the
potential holes there?





Re: How robust is SpeakFreely?

2002-12-21 Thread Adam Shostack
On Sat, Dec 21, 2002 at 07:40:34PM +0100, Thomas Shaddack wrote:
| 
| http://www.speakfreely.org/ is a nice, open-source cross-platform VoIP
| software. Supports encryption by DES, Blowfish, and IDEA.
| 
| Has anyone knowledgeable ever looked at its code? How secure is this
| implementation? Is it better to use Blowfish or IDEA? Where are the
| potential holes there?

Use Blowfish, you avoid worrying about if you have to worry about
patent issues.  There are probably buffer overflows, and other
problems with the code.  But it's probably no worse than other VOIP
code, and is clearly more secure than code which doesn't encrypt.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume