Each instance of ZRTP has a unique 96-bit random ZRTP ID, or ZID, that is
generated once at installation time. The ZID is transferred in plaintext, so
even a passive attacker can learn a lot of metadata information (which
uniquely identified ZRTP user communicates with a different uniquely
identified ZRTP user).

Because the ZID is unique for a very long time, a passive attacker can
track a ZRTP user over a long time, over many networks (the ZID stays
unique even when the IP address changes).

For example, SDES/SRTP doesn't leak this metadata information.

It's possible to operate ZRTP in cacheless mode and generate a new ZID
for every connection,
https://tools.ietf.org/html/rfc6189#section-4.9.1
but this cacheless operation would sacrifice the key continuity features.
https://tools.ietf.org/html/rfc6189#section-15.1

I think that the key continuity features of ZRTP are very useful because
they provide post-quantum confidentiality if two ZRTP users
can create at least a single connection over a trusted network.

What do you think about ZRTP leaking metadata? What are the possible
solutions? For example, encrypting the ZRTP packets with SDES/SRTP.
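
As an added illustration that is not part of the original post: a small Python audit helper that reads the cleartext ZID from a ZRTP Hello or Commit payload and contrasts a cached ZID with the cacheless mode mentioned above. Field offsets follow RFC 6189 sections 5.2 and 5.4; the function names, the sample packets and the documentation-range addresses are constructed for this example.

```python
import os
import struct

ZRTP_MAGIC = 0x5A525450   # 'ZRTP' magic cookie in the packet header
PREAMBLE = 0x505A         # first 16 bits of every ZRTP message
HEADER_LEN = 12           # flags + sequence number, magic cookie, SSRC
# Byte offset of the 12-byte ZID within the message (RFC 6189, 5.2 and 5.4):
# Hello:  preamble/length 4 + type 8 + version 4 + client id 16 + H3 32
# Commit: preamble/length 4 + type 8 + H2 32
ZID_OFFSET = {b"Hello   ": 64, b"Commit  ": 44}

def extract_zid(payload: bytes):
    """Return (message type, ZID hex) for a ZRTP Hello/Commit, else None.
    The trailing CRC is not verified here."""
    if len(payload) < HEADER_LEN + 12:
        return None
    first, _seq, magic, _ssrc = struct.unpack_from("!HHII", payload, 0)
    if first >> 12 != 1 or magic != ZRTP_MAGIC:
        return None
    preamble, words = struct.unpack_from("!HH", payload, HEADER_LEN)
    msg = payload[HEADER_LEN:HEADER_LEN + 4 * words]
    offset = ZID_OFFSET.get(msg[4:12])
    if preamble != PREAMBLE or offset is None or len(msg) < offset + 12:
        return None
    return msg[4:12].decode().strip(), msg[offset:offset + 12].hex()

def build_hello(zid: bytes, seq: int, ssrc: int) -> bytes:
    """Constructed sample: zeroed H3, flags, MAC and CRC; no algorithm lists."""
    body = b"Hello   " + b"1.10" + b"example client  " + bytes(32) + zid + bytes(12)
    msg = struct.pack("!HH", PREAMBLE, (4 + len(body)) // 4) + body
    return struct.pack("!HHII", 0x1000, seq, ZRTP_MAGIC, ssrc) + msg + bytes(4)

def zid_exposure(captures):
    """Map each cleartext ZID to the source addresses it was seen from."""
    seen = {}
    for src_ip, payload in captures:
        hit = extract_zid(payload)
        if hit:
            seen.setdefault(hit[1], []).append(src_ip)
    return seen

if __name__ == "__main__":
    cached_zid = os.urandom(12)   # generated once, reused for every call
    cached = [("192.0.2.10", build_hello(cached_zid, 1, 0x1111)),
              ("198.51.100.7", build_hello(cached_zid, 1, 0x2222))]
    cacheless = [("192.0.2.10", build_hello(os.urandom(12), 1, 0x1111)),
                 ("198.51.100.7", build_hello(os.urandom(12), 1, 0x2222))]
    print(zid_exposure(cached))      # one ZID, two addresses
    print(zid_exposure(cacheless))   # two unrelated ZIDs
```

Running it over a capture of your own client's traffic shows whether the same ZID appears from more than one network, which is the linkability described in the post.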







