[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.
From: |
JC |
Subject: |
Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.0 |
Date: |
Tue, 09 Jul 2013 17:02:04 +0000 |
does the newest stable release (3.6.0) contain the updated libzrtpcpp which
does not contain these vulnerabilities:
http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html
if 3.6.0 is still effected by the security flaws, what version of linphone will
have them fixed,when will you release it?
On Monday, July 08, 2013 at 7:26 AM, "Guillaume Beraudo" <address@hidden> wrote:
>
>Hi,
>
>> >Open settings to enable TLS and ZRTP.
>> >The SAS will be displayed next to a lock pictogram in the
>incall
>> >view.
>
>> when these things are set enable and you see the SAS displayed
>then conversation is end to end encrypted?
>
>At that point the conversation will be encrypted, both audio and
>video.
>However, you are responsible as a participant to check the SAS and
>authentify
>the peer you are communicating with.
>
>If picto, SAS and remote peer authentication are handled
>correctly, then you can be
>sure that the communication is trully end-to-end encrypted.
>
>In this case both participants should validate the SAS which will
>allow automatic
>checking for future communications with the same peer.
>
>
>Cheers,
>Guillaume
>
>On Fri, Jul 05, 2013 at 11:41:52AM +0000, JC wrote:
>> when these things are set enable and you see the SAS displayed
>then conversation is end to end encrypted?
>>
>>
>> >Hi,
>> >
>> >ZRTP is present in release 3.6.0.
>> >However, version 3.6.1 has been released without ZRTP, by error.
>> >
>> >Open settings to enable TLS and ZRTP.
>> >
>> >The SAS will be displayed next to a lock pictogram in the
>incall
>> >view.
>> >
>> >
>> >Guillaume
>> >
>> >
>> >On Thu, Jul 04, 2013 at 08:17:23PM +0000, address@hidden
>wrote:
>> >> > There are several choices:
>> >> > - TLS + srtp: the encryption is done using the certificate
>on
>> >the server;
>> >> > - ZRTP: the conversations are truly encrypted end-to-end
>and
>> >requires
>> >> > participants to check the SAS.
>> >>
>> >> how do you check the sas as windows user using your free sip
>> >servcice?
>> >>
>> >> > As a consequence, even when using ZRTP you should still be
>> >using TLS signaling
>> >> > encryption.
>> >>
>> >> how do you enable tls and zrtp is this enabled on default
>when
>> >using windows version with your sip service?
>> >>
>> >>
>> >> >> is there a portable version of linphone that is self
>> >contained?
>> >> > On wich platform?
>> >>
>> >> Windows
>> >>
>> >>
>>
>>
>> _______________________________________________
>> Linphone-users mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/linphone-users
>
>_______________________________________________
>Linphone-users mailing list
>address@hidden
>https://lists.nongnu.org/mailman/listinfo/linphone-users
- [Linphone-users] linphone more about security, nmod, 2013/07/04
- Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.0, Guillaume Beraudo, 2013/07/05
- Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.0, JC, 2013/07/05
- Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.0, Guillaume Beraudo, 2013/07/08
- Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.0,
JC <=
- Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.0, Guillaume Beraudo, 2013/07/10
- Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.0, Lluís Batlle i Rossell, 2013/07/10
- Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.0, Guillaume Beraudo, 2013/07/10
- Re: [Linphone-users] linphone more about security - ZRTP on windows 3.6.0, Lluís Batlle i Rossell, 2013/07/10
- Re: [Linphone-users] linphone more about security - patch, Guillaume Beraudo, 2013/07/10