Dear Devs,
Besides Jitsi I started to use also your Jitmeet service - both are
working really great, please continue!!!
I want to advertise the usage of https://meet.jit.si to several people
involved with NGOs and wanted to approach you concerning security:
according to the infos on the jitsi homepage the connections are secured
with DTLS/SRTP, so between server and user(s) but not end-to-end (as
with zRTP - if I understood correctly, sorry if I got it wrong...)
Questions:
1) assuming that I trust the operators of the server (videobridge) (=
the jitsi team) - can the communication be intercepted? (man-in-the
middle attack etc?)
2) how is chatting secured to all participants?
3) will an end-to-end encryption be implemented into Jitmeet (similar as
with Jitsi client) ?
Just a general question...is there any reason you would be unwilling to
host your own jitmeet session and have your friends and NGO groups use it?
The standard answer with trust and security is to do it yourself so you
don't have to worry about anyone monitoring the connections.
I really like meet.jit.si and its potential to help people video chat.
Great efforts have been made by the webrtc world as a group and
particularity by the jitsi team!
Dear Devs,
Besides Jitsi I started to use also your Jitmeet service - both are
working really great, please continue!!!
I want to advertise the usage of https://meet.jit.si to several people
involved with NGOs and wanted to approach you concerning security:
according to the infos on the jitsi homepage the connections are secured
with DTLS/SRTP, so between server and user(s) but not end-to-end (as with
zRTP - if I understood correctly, sorry if I got it wrong...)
Questions:
1) assuming that I trust the operators of the server (videobridge) (= the
jitsi team) - can the communication be intercepted? (man-in-the middle
attack etc?)
2) how is chatting secured to all participants?
3) will an end-to-end encryption be implemented into Jitmeet (similar as
with Jitsi client) ?
Hi jungle,
thx for your reply
I am aware and appreciate the huge effort behind such a project.
Even I have been using Jitsi since several years I would described
myself as average user (coming from Skype) - but not as advanced in
programming/setting up own servers as you or most of the forum members.
if the provided link (below) requires just copy/paste of command line
orders to set up the own system, I can give it a try...
Otherwise more hands-on documentation would be required (which I cannot
provide, sorry) to reach the masses of internet users (if one wants to
setup own service)
Just a general question...is there any reason you would be unwilling
to host your own jitmeet session and have your friends and NGO groups
use it? The standard answer with trust and security is to do it
yourself so you don't have to worry about anyone monitoring the
connections.
I really like meet.jit.si <http://meet.jit.si> and its potential to
help people video chat. Great efforts have been made by the webrtc
world as a group and particularity by the jitsi team!
Dear Devs,
Besides Jitsi I started to use also your Jitmeet service - both
are working really great, please continue!!!
I want to advertise the usage of https://meet.jit.si to several
people involved with NGOs and wanted to approach you concerning
security:
according to the infos on the jitsi homepage the connections are
secured with DTLS/SRTP, so between server and user(s) but not
end-to-end (as with zRTP - if I understood correctly, sorry if I
got it wrong...)
Questions:
1) assuming that I trust the operators of the server (videobridge)
(= the jitsi team) - can the communication be intercepted?
(man-in-the middle attack etc?)
2) how is chatting secured to all participants?
3) will an end-to-end encryption be implemented into Jitmeet
(similar as with Jitsi client) ?
Dear Devs,
Besides Jitsi I started to use also your Jitmeet service - both are
working really great, please continue!!!
I want to advertise the usage of https://meet.jit.si to several people
involved with NGOs and wanted to approach you concerning security:
according to the infos on the jitsi homepage the connections are secured
with DTLS/SRTP, so between server and user(s) but not end-to-end (as
with zRTP - if I understood correctly, sorry if I got it wrong...)
correct.
Questions:
1) assuming that I trust the operators of the server (videobridge) (=
the jitsi team) - can the communication be intercepted? (man-in-the
middle attack etc?)
the bridge is decrypting all traffic. In fact, it's doing a MITM attack against the webrtc clients
run your own bridge
2) how is chatting secured to all participants?
Not at all. Each participant is connected via TLS, but that is not end-to-end encryption.
Not that it matters, in-browser-crypto can not to be trusted.
3) will an end-to-end encryption be implemented into Jitmeet (similar as
with Jitsi client) ?
with end-to-end encryption I meant primarily implementation of zRTP for
Audio/Video in JitMeet (and not mpOTR) - would this be possible?
thx and br,
MS
···
On 3/20/14 7:58 PM, Philipp Hancke wrote:
Am 20.03.2014 18:00, schrieb Mr.Smith:
Dear Devs,
Besides Jitsi I started to use also your Jitmeet service - both are
working really great, please continue!!!
I want to advertise the usage of https://meet.jit.si to several people
involved with NGOs and wanted to approach you concerning security:
according to the infos on the jitsi homepage the connections are secured
with DTLS/SRTP, so between server and user(s) but not end-to-end (as
with zRTP - if I understood correctly, sorry if I got it wrong...)
correct.
Questions:
1) assuming that I trust the operators of the server (videobridge) (=
the jitsi team) - can the communication be intercepted? (man-in-the
middle attack etc?)
the bridge is decrypting all traffic. In fact, it's doing a MITM
attack against the webrtc clients
run your own bridge
2) how is chatting secured to all participants?
Not at all. Each participant is connected via TLS, but that is not
end-to-end encryption.
Not that it matters, in-browser-crypto can not to be trusted.
3) will an end-to-end encryption be implemented into Jitmeet (similar as
with Jitsi client) ?
with end-to-end encryption I meant primarily implementation of zRTP for
Audio/Video in JitMeet (and not mpOTR) - would this be possible?
WebRTC does not support ZRTP so unfortunately not. Even with WebRTC, it would have been very tricky to reliably exclude the bridge out of the conference and make content unavailable to it.
To put things in perspective: your communication is encrypted between you and the bridge. The bridge has access to it so you need to trust the person that runs it. If you do - good. If you don't, then your best option is to run your own bridge.
Cheers,
Emil
···
On 21.03.14, 08:53, Mr.Smith wrote:
thx and br,
MS
On 3/20/14 7:58 PM, Philipp Hancke wrote:
Am 20.03.2014 18:00, schrieb Mr.Smith:
Dear Devs,
Besides Jitsi I started to use also your Jitmeet service - both are
working really great, please continue!!!
I want to advertise the usage of https://meet.jit.si to several people
involved with NGOs and wanted to approach you concerning security:
according to the infos on the jitsi homepage the connections are secured
with DTLS/SRTP, so between server and user(s) but not end-to-end (as
with zRTP - if I understood correctly, sorry if I got it wrong...)
correct.
Questions:
1) assuming that I trust the operators of the server (videobridge) (=
the jitsi team) - can the communication be intercepted? (man-in-the
middle attack etc?)
the bridge is decrypting all traffic. In fact, it's doing a MITM
attack against the webrtc clients
run your own bridge
2) how is chatting secured to all participants?
Not at all. Each participant is connected via TLS, but that is not
end-to-end encryption.
Not that it matters, in-browser-crypto can not to be trusted.
3) will an end-to-end encryption be implemented into Jitmeet (similar as
with Jitsi client) ?
