Hello,
As of my knowledge, SIP applications do not encrypt messages, only voice and
video calls (with DTLS, SRTP or ZRTP) and transit (with TLS). Correct me if I'm
wrong.
According to Ring FAQ it uses TLS/SRTP to secure connection and communications
over the network and implement SRTP over SIP.
As I understand this, Ring is a sort of a "layer" over SIP, does everything
what SIP does and in an exactly the same way, but through a decentralized
network. Does this mean the only encrypted data is voice and video calls and
it's encrypted with TLS/SRTP (or maybe rather DTLS?) and text messages are not
encrypted?
As I understand, the data in transit (connection data exchanged over the
network) is encrypted with RSA. That would mean the messages are encrypted with
this. It seems like a better choice than TLS, just because I don't trust it,
but from the other hand, it would be the only tool that uses RSA to encrypt
messages, while everything else uses OTR, things based on OTR or different
solutions intended to be better and well-suited for this use case. From what
I've read it's similar to PGP, but for some reason PGP is the one that's
considered good, I'll read the wikipedia article about it as I don't know
anything about RSA yet.
Please confirm if I'm correct and I also ask you to clarify the information in
the FAQ, it should be clearly explained how specific things are encrypted. I
find this very confusing as all the SIP applications somehow miss the mention
that text messages aren't encrypted. A non technical user would think
everything is encrypted with this super good cipher ZRTP and would end up using
an unencrypted communication solution... I'm planning to contact Linphone and
Jitsi for this same reason too.
Perhaps you can also explain why RSA and not OTR?
Regards.
_______________________________________________
Ring mailing list
[email protected]
https://lists.savoirfairelinux.net/mailman/listinfo/ring
