[guardian-dev] Twilio WebRTC & SIP

Nathan of Guardian nathan at guardianproject.info
Sun Mar 24 01:56:44 EDT 2013


On 03/23/2013 09:11 PM, Lee Azzarello wrote:
> No security anywhere in Twilio's stack. Muah wah. At this point I
> don't think Twilio is going to do much for us. A WebRTC client would
> be SICK but if it doesn't speak ZRTP for key negotiation and have some
> kind of encrypted signaling, it's useless for our purposes.

I completely agree, but save for one possible configuration... this is
just a question/brainstorm, and way way outside of any feature idea for
OSTN.

I have been speaking and working a bit with Capo of Lorea and Phone
Liberation Front (PLF) here in Amsterdam. You can find their wiki (en
Español) here: http://wiki.phoneliberation.net/pln/doku.php
We have a hackathon today for the #UnlikeUs conference, and we are
looking at a variety of feature possibilities that relate to improving
security. He is already an OSTN/OStel user, which was a happy surprise.

Various movements in Spain have physical locations throughout Spain
that they are squatting, occupying or actually legally rebuilding as new
societies from scratch. As part of this they are using the PLF model to
set up their own IP telephony systems, currently using TLS and SRTP when
possible, but also VPN links between sites and servers.

In this case, they have a number of clients (mostly
desktops/laptops/netbooks) at a single physical site, that interface
into their PBX (Asterisk). They want a web client (WebRTC to SIP?) for
these machines, to connect to their local PBX, and then that PBX handles
the connection to the other sites over the open or VPN'd Internet.

My question then is, does it at all make sense, if you have a trusted
PBX that is not a "server" in the cloud sense, but more of a thin client
proxy (mainframe?), to have that server manage your ZRTP endpoint? This
would allow even a dumb SIP handset device to support ZRTP from its
server, to say CSipSimple on the other end? The server could present the
confirmation code by speaking it out, etc.

I know this sounds about as smart as putting your private key on a
server, but again, here "server" means not something in a cloud or data
center, but a shared computing resource on a shelf in the same room as me.

Any sanity to this wackadoo idea?

+n
