On 7/10/06, trixter aka Bret McDanel <[EMAIL PROTECTED]> wrote:
> Zfone is Phil Zimmermann's (creator of PGP) encrypted RTP system. Unlike SRTP, this does not rely on the server itself to provide the encryption. It also lets you be reasonably assured that if the numbers displayed match, then not only is no one listening now, but they haven't since you paired both endpoints.

The interesting thing that Phil Z is doing differently with Zfone (that could be adopted by Asterisk and/or other VoIP participants) is that he's creating a communication channel that's secure against third-party eavesdropping but doesn't bother with any sort of identity or key management.

From the Zfone FAQ -

"The ZRTP protocol has some nice cryptographic features lacking in many other approaches to VoIP encryption. Although it uses a public key algorithm, it does not rely on a public key infrastructure (PKI). In fact, it does not use persistent public keys at all. It uses ephemeral Diffie-Hellman with hash commitment, and allows the detection of man-in-the-middle (MiTM) attacks by displaying a short authentication string for the users to read and compare over the phone. It has perfect forward secrecy, meaning the keys are destroyed at the end of the call, which precludes retroactively compromising the call by future disclosures of key material. But even if the users are too lazy to bother with short authentication strings, we still get fairly decent authentication against a MiTM attack, based on a form of key continuity. It does this by caching some key material to use in the next call, to be mixed in with the next call's DH shared secret, giving it key continuity properties analogous to SSH. All this is done without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP packet stream. And it supports opportunistic encryption by auto-sensing if the other VoIP client supports ZRTP."

... my hunch is that a lot of people are going to be aggravated by the peer-to-peer in-band crypto negotiation, and perhaps rightfully so. However, I think it's a really good insight that encryption may be very helpful even where identity is not based upon cryptographic authentication - humans are reasonably good at authenticating each other based upon tone of voice, social/personal context, etc., and we are awful at managing crypto keys.

Opportunistic encryption using ephemeral Diffie-Hellman - which allows two people/machines who don't know each other to create a secure channel between them - would let every interaction between Asterisk (or compatible) devices have pretty good protection against casual or indiscriminate third-party monitoring or eavesdropping. It won't solve all problems, but that doesn't mean it wouldn't be a good start.

Also, see <http://www.voip-info.org/wiki/view/IAX+encryption>.

--
Greg Broiles, JD, LLM Tax, EA
[EMAIL PROTECTED] (Lists only. Not for confidential communications.)
Law Office of Gregory A. Broiles
San Jose, CA
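
An added illustration of the FAQ passage quoted above (not part of the original message and not Zfone's code): a toy Python model of ephemeral Diffie-Hellman with a short authentication string and a cached secret mixed into the next call. The DH parameters, the hash-based derivation, the 32-bit SAS and all function names are assumptions made for this sketch; ZRTP's hash commitment, message formats and real key derivation are not modeled.

```python
import hashlib
import secrets

P, G = 2**255 - 19, 2   # toy DH parameters (assumption); not a real ZRTP group

def H(*parts: bytes) -> bytes:
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)   # length-prefix each field
    return d.digest()

def enc(n: int) -> bytes:
    return n.to_bytes(32, "big")

def keypair():
    priv = secrets.randbelow(P - 3) + 2           # fresh per call, never stored
    return priv, pow(G, priv, P)

def derive(priv, peer_pub, init_pub, resp_pub, cached=b""):
    """One party's view of a call: (sas, session_key, secret_to_cache)."""
    dh = enc(pow(peer_pub, priv, P))
    # The secret cached from the previous call is mixed into this call's secret.
    s0 = H(b"s0", dh, enc(init_pub), enc(resp_pub), cached)
    return H(b"sas", s0)[:4].hex(), H(b"key", s0), H(b"cache", s0)

def call(cached_a=b"", cached_b=b"", mitm=False):
    """Simulate one call. Returns (alice, bob, attacker_leg_to_alice or None)."""
    a_priv, a_pub = keypair()                     # Alice initiates
    b_priv, b_pub = keypair()                     # Bob responds
    if not mitm:
        return (derive(a_priv, b_pub, a_pub, b_pub, cached_a),
                derive(b_priv, a_pub, a_pub, b_pub, cached_b), None)
    m_priv, m_pub = keypair()                     # attacker's key replaces both
    alice = derive(a_priv, m_pub, a_pub, m_pub, cached_a)
    bob = derive(b_priv, m_pub, m_pub, b_pub, cached_b)
    attacker = derive(m_priv, a_pub, a_pub, m_pub)  # attacker holds no cached secret
    return alice, bob, attacker

if __name__ == "__main__":
    a1, b1, _ = call()                            # first call, no attacker
    print("clean call SAS:", a1[0], b1[0])
    a2, b2, m2 = call(a1[2], b1[2], mitm=True)    # later call, attacker in path
    print("MitM call SAS: ", a2[0], b2[0])
    print("attacker derived Alice's key:", m2[1] == a2[1])
```

On a first call with an attacker in the path, only the SAS comparison exposes the substitution; on a later call the attacker also fails to derive Alice's session key because the cached secret is missing, which is the key-continuity property the FAQ describes.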
