Hi Nathan, On 03/15/2017 08:36 PM, Nathan of Guardian wrote: > > May I ask why you did not test Linphone on iOS?
Good question and I don't have a good answer, it somehow escaped our attention. We should have included it as an individual app. Because it is also based on the bzrtp library and has a UI that is nearly identical to the Android implementation, the evaluation would probably be very similar to Linphone on Android, especially the issues we have with the security indicators are true for both implementations. > I have been nervous about the state of SIP/ZRTP clients, making me also > concerned about continuing to promote SIP-based communications at all. I > suppose we will follow the reaction to your study, to see how the app > vendors like Linphone and Jitsi respond moving forward. Yup, one reason we did this study was that the ZRTP clients did not receive enough attention from the research community. As I also just wrote on the messaging mailinglist, I am particularly interested how to solve the following issues discussed in the paper: * "shared" MitM attack, where only Signal and Acrobits Softphone are protected against * discussion about better security indicators * besides Signal, no app terminates the connection on security failures, but instead falling back to insecure connections Cheers Dominik
signature.asc
Description: OpenPGP digital signature
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
