[jitsi-dev] How to disable the string comparison security on first contact?


#1

When two people first do an audio call on Jitsi, there's a string
comparison / confirm thing that pops up. It tends to confuse non technical
users a lot. How can I disable this, so this string comparison is not done
and users can just proceed without it? Is there a setting for it? If not,
is there a gui plugin or class that I can edit?

Thanks.


#2

On 03/12/14 00:13, Ali Akhtar wrote:

> When two people first do an audio call on Jitsi, there's a string
> comparison / confirm thing that pops up. It tends to confuse non
> technical users a lot. How can I disable this, so this string comparison
> is not done and users can just proceed without it? Is there a setting
> for it? If not, is there a gui plugin or class that I can edit?

There is no option for this, as this is the only way for authentication (see [1]). You can completely disable encryption in the account menu, which will also get rid of the pop-up.

[1] https://jitsi.org/Documentation/ZrtpFAQ

> Thanks.

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#3

Is there a way to hide the GUI for this so that it happens in the
background? Which class / package should I look into for that? I basically
want the confirmation to be sent over automatically without user having to
click anything.

On Dec 3, 2014 10:29 AM, "Boris Grozev" <boris@jitsi.org> wrote:

> On 03/12/14 00:13, Ali Akhtar wrote:
>
>> When two people first do an audio call on Jitsi, there's a string
>> comparison / confirm thing that pops up. It tends to confuse non
>> technical users a lot. How can I disable this, so this string comparison
>> is not done and users can just proceed without it? Is there a setting
>> for it? If not, is there a gui plugin or class that I can edit?
>
> There is no option for this, as this is the only way for authentication
> (see [1]). You can completely disable encryption in the account menu, which
> will also get rid of the pop-up.
>
> [1] https://jitsi.org/Documentation/ZrtpFAQ
>
>> Thanks.



#4

Alternatively, if disabling encryption is a better option, is there a
setting I can set in default.properties or such so it's in place by default?



#5

On 03/12/14 09:26, Ali Akhtar wrote:

> Is there a way to hide the GUI for this so that it happens in the
> background? Which class / package should I look into for that? I
> basically want the confirmation to be sent over automatically without
> user having to click anything.

The short answer is "no, because that defeats the purpose". See the FAQ for details.

On 03/12/14 09:28, Ali Akhtar wrote:

> Alternatively if disabling encryption is a better option, is there a
> setting I can set in default.properties or such so it's in place by default?

I wouldn't actually recommend doing this for obvious reasons.

I don't think there is a global property to disable it. There is a per-account property which you can provision:
net.java.sip-communicator.impl.protocol.jabber.ACCOUNT_ID.ENCRYPTION_PROTOCOL_STATUS.ZRTP

You need to replace ACCOUNT_ID with the proper value, and if needed 'jabber' with 'sip'.

Regards,
Boris


#6

How do Skype and other programs manage to authenticate without that
security popup? Or are they unencrypted?

On Dec 3, 2014 12:58 PM, "Boris Grozev" <boris@jitsi.org> wrote:

> On 03/12/14 09:26, Ali Akhtar wrote:
>
>> Is there a way to hide the GUI for this so that it happens in the
>> background? Which class / package should I look into for that? I
>> basically want the confirmation to be sent over automatically without
>> user having to click anything.
>
> The short answer is "no, because that defeats the purpose". See the FAQ
> for details.
>
> On 03/12/14 09:28, Ali Akhtar wrote:
>
>> Alternatively if disabling encryption is a better option, is there a
>> setting I can set in default.properties or such so it's in place by
>> default?
>
> I wouldn't actually recommend doing this for obvious reasons.
>
> I don't think there is a global property to disable it. There is a
> per-account property which you can provision:
> net.java.sip-communicator.impl.protocol.jabber.ACCOUNT_ID.ENCRYPTION_PROTOCOL_STATUS.ZRTP
>
> You need to replace ACCOUNT_ID with the proper value, and if needed
> 'jabber' with 'sip'.
>
> Regards,
> Boris



#7

> How do Skype and other programs manage to authenticate without that security
> popup? Or are they unencrypted?

Skype trusts its servers (aka the man in the middle), so there's no end-to-end encryption in a call and that can be managed automatically.

Ingo


#8

I see. I am also running my own XMTP server, and I trust it. So in my case,
can I safely remove this popup or make it happen behind the scenes?

On Wed, Dec 3, 2014 at 1:45 PM, Ingo Bauersachs <ingo@jitsi.org> wrote:

>> How do Skype and other programs manage to authenticate without that
>> security popup? Or are they unencrypted?
>
> Skype trusts its servers (aka the man in the middle), so there's no
> end-to-end encryption in a call and that can be managed automatically.
>
> Ingo



#9

> I see. I am also running my own XMTP server, and I trust it. So in my case,
> can I safely remove this popup or make it happen behind the scenes?

You could resort to using SDES instead, but I don't know how well that works with XMPP. You'd need to try it out.

Ingo


#10

XMPP*

On Wed, Dec 3, 2014 at 1:48 PM, Ali Akhtar <ali.rac200@gmail.com> wrote:

> I see. I am also running my own XMTP server, and I trust it. So in my
> case, can I safely remove this popup or make it happen behind the scenes?
>
> On Wed, Dec 3, 2014 at 1:45 PM, Ingo Bauersachs <ingo@jitsi.org> wrote:
>
>>> How do Skype and other programs manage to authenticate without that
>>> security popup? Or are they unencrypted?
>>
>> Skype trusts its servers (aka the man in the middle), so there's no
>> end-to-end encryption in a call and that can be managed automatically.
>>
>> Ingo



#11

If I'm running my own server which has SSL setup, there should be no need
for any further encryption since the communication is encrypted between the
server and its clients, right?

On Wed, Dec 3, 2014 at 2:02 PM, Ingo Bauersachs <ingo@jitsi.org> wrote:

>> I see. I am also running my own XMTP server, and I trust it. So in my
>> case, can I safely remove this popup or make it happen behind the scenes?
>
> You could resort to using SDES instead, but I don't know how well that
> works with XMPP. You'd need to try it out.
>
> Ingo



#12

> If I'm running my own server which has SSL setup, there should be no need for
> any further encryption since the communication is encrypted between the
> server and its clients, right?

No. TLS is only used for the signaling, not the media. You need SRTP for that, and SRTP needs a method to exchange keys, which by default is ZRTP but can be configured to be SDES. ZRTP is only secure if you compare the fingerprint (in the popup); SDES, though, is only secure if you trust the server.

Ingo
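
Added illustration of the point made in #5 and #12 (not part of the original thread, and not Jitsi or ZRTP code): a simplified Diffie-Hellman model in which the string shown in the popup is derived from the negotiated secret. The group parameters, the string derivation and all function names are assumptions of this sketch; real ZRTP adds a hash commitment and uses its own key derivation.

```python
import base64
import hashlib

# Toy Diffie-Hellman group, assumed for this sketch only (far too small for real use).
P = 2**127 - 1
G = 3

def public(priv: int) -> int:
    return pow(G, priv, P)

def shared(priv: int, peer_pub: int) -> int:
    return pow(peer_pub, priv, P)

def sas(secret: int) -> str:
    """Short string each user sees: first 20 bits of a hash of the shared secret."""
    digest = hashlib.sha256(secret.to_bytes(16, "big")).digest()
    return base64.b32encode(digest)[:4].decode().lower()

def direct_call(a_priv: int, b_priv: int):
    """Public values reach the other endpoint unmodified."""
    a_pub, b_pub = public(a_priv), public(b_priv)
    return sas(shared(a_priv, b_pub)), sas(shared(b_priv, a_pub))

def relayed_call(a_priv: int, b_priv: int, m_priv: int):
    """A relay on the media path substitutes its own public value both ways."""
    a_pub, b_pub, m_pub = public(a_priv), public(b_priv), public(m_priv)
    alice_secret, bob_secret = shared(a_priv, m_pub), shared(b_priv, m_pub)
    # The relay can derive both secrets, so it can read the media in transit.
    relay_knows_both = (shared(m_priv, a_pub) == alice_secret
                        and shared(m_priv, b_pub) == bob_secret)
    return sas(alice_secret), sas(bob_secret), relay_knows_both

def accept_call(local_sas: str, sas_read_by_peer: str, auto_confirm: bool = False) -> bool:
    """The popup's decision; auto_confirm models hiding it and confirming for the user."""
    if auto_confirm:
        return True  # nothing was compared, so a relay is never noticed
    return local_sas == sas_read_by_peer

# Constructed private values for a reproducible run.
A_PRIV, B_PRIV, M_PRIV = 0x1F3A5C7E9B2D4F61, 0x2468ACE013579BDF, 0x0F1E2D3C4B5A6978

if __name__ == "__main__":
    print("direct :", direct_call(A_PRIV, B_PRIV))
    print("relayed:", relayed_call(A_PRIV, B_PRIV, M_PRIV))
```

With the relay in place the two users read out different strings, which is the only signal either endpoint gets; with `auto_confirm=True` both calls are accepted alike.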


#13

Got it. Is there any config option available for switching to SDES instead?
Or any classes / code related to it?

On Wed, Dec 3, 2014 at 2:35 PM, Ingo Bauersachs <ingo@jitsi.org> wrote:

>> If I'm running my own server which has SSL setup, there should be no
>> need for any further encryption since the communication is encrypted
>> between the server and its clients, right?
>
> No. TLS is only used for the signaling, not the media. You need SRTP for
> that, and SRTP needs a method to exchange keys. Which by default is ZRTP
> but can be configured to be SDES. ZRTP is only secure if you compare the
> fingerprint (in the popup), SDES is only secure though if you trust the
> server.
>
> Ingo
