[Asterisk-Security] Opportunistic encryption
Enzo Michelangeli
enzomich at gmail.com
Sat Jul 22 00:45:06 MST 2006
----- Original Message -----
From: "Duane" <duane at e164.org>
Sent: Saturday, July 22, 2006 11:29 AM
> Enzo Michelangeli wrote:
>
>> Yes, but SMTP-TLS can use unauthenticated ephemeral DH, which was
>> precisely
>> what I suggested. This leaves the door open to adding certificates for
>> particular peers, if/when available.
>
> I guess the only question is how much time/effort/encouragement would it
> take to modify the SRTP trunk to support this.
For purely opportunistic encryption, it should't be too difficult: not to
reinvent the wheel, I suspect that the best thing to do would be
implementing ZRTP without authentication (which would remove the need for
a GUI on the VoIP clients). By the way, I've found out that Werner
Dittmann has implemented ZRTP in his Minisip
(http://lists.minisip.org/pipermail/minisip-devel/2006-July/004463.html )
the libraries of which are LGPL'd, so there shouldn't be any problem with
Asterisk's dual-licensed status. (However, that implementation is in C++ and
I think it uses its own SRTP implementation).
Opportunistic unauthenticated encryption is attractive also under the
legal/political point of view. It can be defeated with ad-hoc efforts, like
e.g. targeted interceptions duly authorized by a judicial warrant, but it
makes Big Brother-style mass eavesdropping of all the citizens technically
unfeasible.
> But biometrics is far from perfect, it just hasn't been around long enough
> to be as broken as some other systems, this is purely because we leave our
> biometric "passwords" all over the place, from DNA, fingerprints, iris and
> even voices (security cameras have mics too!)...
Well, the way ZRTP (and the old Zfone) use it is pretty simple and
effective: the two parties read to each other a same short hash that is
displayed on both sides after the key negotiation. As long as the Man in the
Middle is not a wonderful impersonator and a quick-witted one too, it won't
be easy for him to represent himself to each party as the other party, all
in real time, especially if they know each other's voices...
Cheers --
Enzo
More information about the Asterisk-Security
mailing list