does the newest stable release (3.6.0) contain the updated libzrtpcpp which does not contain these vulnerabilities: http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html
if 3.6.0 is still effected by the security flaws, what version of linphone will have them fixed,when will you release it? On Monday, July 08, 2013 at 7:26 AM, "Guillaume Beraudo" <[email protected]> wrote: > >Hi, > >> >Open settings to enable TLS and ZRTP. >> >The SAS will be displayed next to a lock pictogram in the >incall >> >view. > >> when these things are set enable and you see the SAS displayed >then conversation is end to end encrypted? > >At that point the conversation will be encrypted, both audio and >video. >However, you are responsible as a participant to check the SAS and >authentify >the peer you are communicating with. > >If picto, SAS and remote peer authentication are handled >correctly, then you can be >sure that the communication is trully end-to-end encrypted. > >In this case both participants should validate the SAS which will >allow automatic >checking for future communications with the same peer. > > >Cheers, >Guillaume > >On Fri, Jul 05, 2013 at 11:41:52AM +0000, JC wrote: >> when these things are set enable and you see the SAS displayed >then conversation is end to end encrypted? >> >> >> >Hi, >> > >> >ZRTP is present in release 3.6.0. >> >However, version 3.6.1 has been released without ZRTP, by error. >> > >> >Open settings to enable TLS and ZRTP. >> > >> >The SAS will be displayed next to a lock pictogram in the >incall >> >view. >> > >> > >> >Guillaume >> > >> > >> >On Thu, Jul 04, 2013 at 08:17:23PM +0000, [email protected] >wrote: >> >> > There are several choices: >> >> > - TLS + srtp: the encryption is done using the certificate >on >> >the server; >> >> > - ZRTP: the conversations are truly encrypted end-to-end >and >> >requires >> >> > participants to check the SAS. >> >> >> >> how do you check the sas as windows user using your free sip >> >servcice? >> >> >> >> > As a consequence, even when using ZRTP you should still be >> >using TLS signaling >> >> > encryption. >> >> >> >> how do you enable tls and zrtp is this enabled on default >when >> >using windows version with your sip service? >> >> >> >> >> >> >> is there a portable version of linphone that is self >> >contained? >> >> > On wich platform? >> >> >> >> Windows >> >> >> >> >> >> >> _______________________________________________ >> Linphone-users mailing list >> [email protected] >> https://lists.nongnu.org/mailman/listinfo/linphone-users > >_______________________________________________ >Linphone-users mailing list >[email protected] >https://lists.nongnu.org/mailman/listinfo/linphone-users _______________________________________________ Linphone-users mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/linphone-users
