Encryption: TLS, SRTP & ZRTP
Phoner Admin
YaBB Administrator
*****
Offline



Posts: 9211
Location: Germany
Joined: 12. Oct 2003
Gender: Male
Re: Encryption: TLS, SRTP & ZRTP
Reply #15 - 04. Jan 2011 at 09:40
I tried my ZRTP implementation against SIP-Communicator, Zfone and Twinkle (Linux). I tested in a local peer-to-peer environment and with some VoIP providers. All worked without problems.
  
botyhc
Junior Member
**
Offline


Phoner is great!

Posts: 95
Joined: 02. May 2010
Reply #16 - 05. Jan 2011 at 22:00
Did you try with PhonerLite to PhonerLite?
I am assuming you tried in Linux with SIP Communicator?
  
Phoner Admin
Reply #17 - 05. Jan 2011 at 22:22
Quote:
Did you try with PhonerLite to PhonerLite?

Do you really believe that I never tested with PhonerLite to PhonerLite? Surely I tested that!

Quote:
I am assuming you tried in Linux with SIP Communicator?

No, I used the Windows version of SIP Communicator!
  
botyhc
Reply #18 - 06. Jan 2011 at 21:15
Can you please try with FreeSWITCH at the link below? In Windows, installing it is 3 minutes of human time. There are thousands of people interested in getting it to work with FreeSWITCH. And you should be testing with FreeSWITCH instead of other SIP servers. It's the most advanced server and is now as widely in use as Asterisk or more.
  
Phoner Admin
Reply #19 - 06. Jan 2011 at 22:36
First you should try two PhonerLite instances without any server in between. Just configure one PhonerLite profile without a server or domain. Then enable SRTP and ZRTP and put in the IP address of the other PC as the destination number. Does that work for you?
I think PhonerLite is used more with public SIP servers than with a local FreeSWITCH installation.
  
botyhc
Reply #20 - 09. Jan 2011 at 11:42
I am trying now with SIP Communicator also, but not much success.

THE FOLLOWING IS A MAJOR FLAW IN PHONERLITE:

- SRTP
- TLS
- ZRTP

For each of them there should be an option to say that it is required, which means that if it can't do that option, then the call won't go through. THIS IS EXTREMELY IMPORTANT. What if someone wants to call with ZRTP only and selects this in the options? What PhonerLite is doing is, if it doesn't work, it will still place the call, which is very bad. Same thing with TLS. If a user wants to connect via TLS only, PhonerLite is connecting via TCP if TLS fails. This is extremely bad. There should be an option to say REQUIRE TLS, and similarly REQUIRE ZRTP. Otherwise it's a huge security risk!
  
Phoner Admin
Reply #21 - 09. Jan 2011 at 13:09
If SIP Communicator doesn't work with ZRTP, there must be a problem in between - maybe FreeSWITCH.
It is up to you to choose another softphone that fulfills your needs. I won't change the current behavior.
For me it is just a hobby project. If I restricted PhonerLite to force those options, I would get a lot of mails because PhonerLite doesn't work anymore. I want to have fun with development and no work with support.
I hope you understand that.
  
botyhc
Reply #22 - 14. Jan 2011 at 10:31
OK, I understand that.

Can you at least please indicate whether the connection is SRTP or ZRTP when you move the mouse near the yellow lock icon? It says SRTP, but when it is ZRTP, if it says ZRTP it will be very helpful to at least know that it is.

Why don't you make the project open source? Especially if you are doing it for fun. It will help so many people to improve it and make a version for Linux also.
  
Phoner Admin
Reply #23 - 14. Jan 2011 at 12:23
Yes, the tooltip is different when SRTP keys are exchanged by ZRTP.
It is my hobby, my work, my fun - so it stays closed source :)
  
botyhc
Reply #24 - 16. Jan 2011 at 23:38
What should the tooltip be exactly with ZRTP?
I hope it is ZRTP and not something else.

Also, where is the SAS provided for verification exactly? Please be specific.

Having open source will help improve it, you will be the boss of so many developers! Maybe someone can make it for Linux also!
  
botyhc
Reply #25 - 16. Jan 2011 at 23:52
How do I connect PhonerLite directly to PhonerLite (I am doing this to test ZRTP)? I removed all registration information and removed the selection for register. Then I tried to call the number on the other PhonerLite by giving 1002@192.168.1.5
but it doesn't work. Should the LED go green when you are not registering?
  
Phoner Admin
Reply #26 - 17. Jan 2011 at 09:18
Attached is a screenshot of an encrypted call with SRTP keys exchanged by ZRTP. You don't see the mouse arrow, but imagine that it is over the SRTP icon.
Please wait a second before checking the tooltip. ZRTP negotiation is done after call establishment, so ZRTP is not active immediately after the call is answered.

If you have problems with direct IP calling, please send me the content of the debug window by mail.
  

Attachment: zrtp.jpg (60 KB)

Phoner Admin
Reply #27 - 17. Jan 2011 at 10:17
I uploaded a new beta version now. The SRTP icon changes slightly after ZRTP negotiation succeeded.
  

Attachment: zrtp2.jpg (3 KB)

botyhc
Reply #28 - 17. Jan 2011 at 23:12
Can you tell me the instructions for direct IP-to-IP calling? I am unable to get it working. I want to make sure I try it correctly first before sending the debug log.

I see in the picture below you have an icon for TLS also. This is great and useful, since the user should know if it is being encrypted or not. Also I think it would be really useful to not use any method when the user says TLS. For example, he makes a connection in an unsecure environment and doesn't want his SIP details to be sent and chooses TLS. If PhonerLite falls back to TCP, then his SIP details are compromised. So when the user says TLS, it should only do TLS and report that it was not possible, then the user can change to TCP. I hope you can add this option!
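
The "require TLS" option requested in replies #20 and #28, sketched as an added example (not PhonerLite code and not part of the thread). The names `connect_sip`, `require_tls` and the loopback cleartext listener are hypothetical, and the REGISTER request is a constructed sample; the point is that a required protection fails closed, so nothing is sent when the handshake fails.

```python
import socket, ssl, threading, time

# Constructed sample request; user and domain are placeholders.
REQUEST = b"REGISTER sip:example.invalid SIP/2.0\r\nFrom: <sip:alice@example.invalid>\r\n\r\n"

class SecurityPolicyError(Exception):
    """A protection the user marked as required could not be negotiated."""

def start_plain_listener():
    """Stand-in for a SIP server that only speaks cleartext TCP (no TLS)."""
    srv = socket.create_server(("127.0.0.1", 0))
    seen = []  # raw bytes the server read from each connection
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            with conn:
                conn.settimeout(1)
                try:
                    seen.append(conn.recv(4096))
                except OSError:
                    seen.append(b"")
    threading.Thread(target=serve, daemon=True).start()
    return srv, seen

def connect_sip(host, port, request, require_tls):
    """Send request; return the transport used. Fail closed if TLS is required."""
    try:
        raw = socket.create_connection((host, port), timeout=2)
        with ssl.create_default_context().wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(request)
        return "tls"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        if require_tls:
            raise SecurityPolicyError(f"TLS required, not falling back: {exc}") from exc
    with socket.create_connection((host, port), timeout=2) as plain:
        plain.sendall(request)  # opportunistic mode: request leaves in cleartext
    return "tcp"

def run_case(require_tls):
    """Return (outcome, whether the request reached the wire unencrypted)."""
    srv, seen = start_plain_listener()
    try:
        outcome = connect_sip("127.0.0.1", srv.getsockname()[1], REQUEST, require_tls)
    except SecurityPolicyError:
        outcome = "refused"
    time.sleep(0.5)  # let the listener thread record what it received
    srv.close()
    return outcome, any(REQUEST in chunk for chunk in seen)
```

With `require_tls=False` the listener sees the full REGISTER in cleartext; with `require_tls=True` it sees only the failed handshake attempt and the caller gets an error to act on.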
  
deti
Junior Member
**
Offline



Posts: 93
Location: Prien am Chiemsee
Joined: 16. Dec 2006
Gender: Male
Reply #29 - 17. Jan 2011 at 23:42
botyhc wrote on 17. Jan 2011 at 23:12:
Can you tell me the instructions for direct IP-to-IP calling?

Proxy/Registrar: leave it empty
Domain/Realm: leave it empty
STUN Server: enter a STUN server

Username: of your choice

Save this config and look at what is written in the bottom line, e.g.:
sip:username@95.125.215.25:5066;transport=tls
Now call from the other phone:
username@95.125.215.25:5066
or simply
95.125.215.25:5066
should also do it.
If port 5066 (in this case) is open on your firewall (router), you will be called peer-to-peer.

If you call from the same PC, make sure that you set the "Local Port" to different values in your softphone (network).

I hope it helps. :)

-----

If you want more comfort, meaning you don't need to ask your partner for his IP before you can call him, register at http://www.secure-sip-server.net (German website). Then you can register your softphone with its TLS proxy server or its TLS redirect server. When you call over the redirect server, it will tell your phone only the IP of your partner. From there on, the communication between your phones will be peer-to-peer.
  