[guardian-dev] RedPhone source code posted

Nathan of Guardian nathan at guardianproject.info
Tue Jul 17 20:03:25 EDT 2012


On 07/17/2012 07:16 PM, elijah wrote:
> i think the server part of redphone is actually what makes it brilliant.

I think we generally agree on this, once we see the source code of
course. The work that Lee had to do to get Freeswitch working at a basic
level of security for our OSTN efforts was quite frustrating. In the
end, we did it, but it is obvious that it wasn't built with a secure by
default mentality.

> the use of sms gets around the problem of pushing a connect request to
> the device in a way that does not drain the battery or rely on google's
> c2dm. and, by routing calls through the server, it can greatly diminish
> network observation attacks.

Redphone DOES use c2dm/c2m actually, but also SMS. Not sure how or when,
but both mechanisms are there.

My personal frustration with this approach though is that RedPhone
doesn't work on wifi only devices AND that your SIM card phone number is
linked to your RedPhone account. These are annoyances to me, but for
users in high risk areas, they pose serious risks and limitations.

> as cool as DHT is, sadly i think patching redphone to use DHT would
> result in an app that drained the battery quickly and took a really long
> time to try to place a call.

I am not sure about DHT, but our work with standard SIP socket
mechanisms to do calls with OSTel shows that it can work, is not a huge
battery drain, and that you can hold open sockets without much battery
drain.

I think the SMS/C2M works *better* but it's a trade-off the user should
be allowed to make.

+n

