[guardian-dev] Blog post: VoIP Security Architecture

Michael Rogers michael at briarproject.org
Fri Nov 22 05:37:53 EST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22/11/13 00:11, Lee Azzarello wrote:
> Second, there is ZRTP. This protocol enters into the mix after a 
> successful SIP dialog establishes a call session by locating the
> two endpoints. It transmits key agreement information over an RTP
> channel between the peers. The peers use their voices to speak a
> secret they read over a plaintext channel.

Sorry, another point - are you sure voice is carried in plaintext
during key confirmation? I thought it went like this: ZRTP uses a
plaintext channel to establish a key, SRTP uses that key to create an
encrypted channel, the peers verbally confirm the key over the
encrypted channel. If the peers' voices are revealed to an
eavesdropper then secure VoIP is a lot less secure than I thought...

Cheers,
Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

-----END PGP SIGNATURE-----

