Hi, we conducted a study of ZRTP clients including Acrobits Softphone, CSipSimple, Jitsi, Linphone, and Signal.
I just published a blog post teaser and a preprint PDF at
https://www.sufficientlysecure.org/2017/03/15/zrtp.html
Please read the full PDF for all details.

We tested protocol compliance, error handling, and user interfaces.
Besides 2 issues that have already been fixed, I would like to start a discussion about the following topics:

* "shared" MitM attack, against which only Signal and Acrobits Softphone are protected
* discussion about better security indicators
* besides Signal, no app terminates the connection on security failures; instead they fall back to insecure connections

In the PDF we propose a set of best practices that hopefully solve most of the issues.

Cheers
Dominik

--
Dominik Schürmann
Institute of Operating Systems and Computer Networks, TU Braunschweig
Mühlenpfordtstraße 23, 38106 Braunschweig, Germany
Phone: +49 531 3913263
Mobile: +49 171 6581452
Email: schuerm...@ibr.cs.tu-bs.de
Website: http://www.ibr.cs.tu-bs.de/users/schuerm

_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging