Hi Rene,

[Please tell us if you read the list and don't need to be Cc'd.
I do read the list, no need to Cc me.]

Rene Bartsch wrote (23 Jun 2014 10:07:42 GMT) :
> OnionCat provides a public overlay network. If a SIP-proxy is put on top of
> OnionCat any dumb hardware-/software SIP-phone in the LAN can be used.

Yep, I've been maintaining OnionCat in Debian for a while so that people can easily experiment with its usage for VoIP within Tails :)

> On the OnionCat-interface I suggest to use
> 1. DTLS/SRTP with self-signed certificate created from the Tor Hidden Service
> hostname/private key for authentication and encryption

Am I getting your suggestion right that it's about re-using the Tor HS' private key material inside a (X.509, I guess) certificate used to authenticate peers with DTLS/SRTP?

Assuming we want certificate authentication on top of what Tor HS plus OnionCat's bidirectional authentication provides, what would be the advantage to reuse the HS' key? I'm concerned with feeding it into processes running with different privileges and attack surface.

Are you positive that the kind of keys used for Hidden Services is appropriate for DTLS/SRTP? (e.g. key size...)

[... snipping other suggestions that I'm not able to comment on without properly diving into the subject ...]

> I also suggest to consider RTCWeb as Tor pluggable transport for OnionCat as
> it is encrypted by default, can multiplex multiple streams and ordered
> mode/congestion control can be switched on/off per stream.

Just to be clear, work on supporting VoIP within Tails has been stalled for a while. The current state of our research can be found there:

https://tails.boum.org/blueprint/VoIP_support/
https://labs.riseup.net/code/issues/5709

Thanks for all these suggestions! I, for one, would welcome experimentation results, e.g. based on what you're suggesting, be it on this list, or as Git patches against the blueprint. I'd love to see reports of WebRTC over OnionCat!

Best regards,
--
intrigeri
