[guardian-dev] Blog post: VoIP Security Architecture

Lee Azzarello lee at guardianproject.info
Fri Nov 22 15:03:21 EST 2013

Hi Elijah,

How could the RTP channel be encrypted prior to key agreement through
a verbal SAS confirmation? It's my understanding that the 1st time two
peers agree on a key the RTP channel is in the clear. No prior keys
exist so no hash can be transmitted for the DH exchange. It is also my
understanding that the nth time these peers communicate the RTP stream
is never in the clear. The spec describes the probability of a MitM
attack's success on the nth time as mathematically impossible unless
the 1st SAS was middled.

It seems that a good test would be to use the VoIP tools in Wireshark
to attempt a RTP stream reconstruction between two peers who have
never shared an SAS. Do you agree?


On Fri, Nov 22, 2013 at 2:49 PM, elijah <elijah at riseup.net> wrote:
> On 11/21/2013 04:11 PM, Lee Azzarello wrote:
>> Second, there is ZRTP. This protocol enters into the mix after a
>> successful SIP dialog establishes a call session by locating the two
>> endpoints. It transmits key agreement information over an RTP channel
>> between the peers. The peers use their voices to speak a secret they
>> read over a plaintext channel.
> Perhaps you know something I don't, but it seems unlikely to me that short
> authentication string exchange happens over a cleartext channel, as it would
> defeat the purpose. ZRTP has a really cool property where you never need to
> authenticate with the SAS, but if you do it once, you can be assured that
> all your prior conversions were secure.
> -elijah
> _______________________________________________
> Guardian-dev mailing list
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To Unsubscribe
>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>        Or visit:
> https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info
> You are subscribed as: lee at guardianproject.info

More information about the Guardian-dev mailing list