[guardian-dev] PFS for ZRTP / ostel

Lee Azzarello lee at rockingtiger.com
Fri Jun 28 12:53:33 EDT 2013


Thanks for the research Abel!

I'll write up something on the wiki about what you found.

-lee

On Fri, Jun 28, 2013 at 12:06 PM, Abel Luck <abel at guardianproject.info> wrote:
> c1.devrandom at niftybox.net:
>> Hi Lee,
>>
>> Do you know if CSIPSimple provides PFS?  Do all ZRTP implementations
>> provide it?
>>
>
> Perfect forward secrecy is not an optional component of the ZRTP
> specification, the use of the ephemeral Diffie-Hellman [0] to derive the
> ephemeral session key material[1] and key material wiping[2]. Notably,
> ZRTP does not support weak or non-PFS alternatives.
>
> CSipSimple uses the ZRTPCC implementation via ZRTP4PJ the pjsip library
> for zrtp[4], which in turn includes its implementation of ephemeral
> Diffie-Hellman [3].
>
> It does not support GoClear or GoClearAck, the ZRTP equivalent of OTR's
> "end private conversation", but that's not so important, as the key
> material is wiped at the end of the call anyways.
>
> I can't speak for other zrtp implementations, but if they don't support
> PFS, then, strictly speaking, they are not ZRTP.
>
> ~abel
>
> [0]: https://tools.ietf.org/html/rfc6189#section-3.1.1
> [1]: https://tools.ietf.org/html/rfc6189#section-4.5
> [2]: https://tools.ietf.org/html/rfc6189#section-4.7.3
> [3]: https://github.com/wernerd/ZRTPCPP/tree/master/zrtp/crypto
> [4]: https://github.com/r3gis3r/ZRTP4PJ
>
>
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info
>
> You are subscribed as: lee at guardianproject.info


More information about the Guardian-dev mailing list