[jitsi-dev] Re: [OTR-users] Pidgin OTR and Audio/Video Calls


#1

Hey folks,


Jitsi is your best option for now of a client that supports both
OTR/XMPP and ZRTP/SIP (encrypted calling). It is technically
possible to do an end-to-end encrypted video call with Jitsi using
ZRTP, but you have to get the setup just right.

+1 to Jitsi.

One possible hole here is that OTR/XMPP encrypts your IMs and ZRTP/SIP
encrypts your voice and video, but nothing encrypts your signalling
for call setup. That could be solved if OTR were able to encrypt full
XMPP stanzas and you used Jingle, or if OTR were used to encrypt the
SIP messages. I am not sure if either of those is possible right now.
I'm cc'ing Emil Ivov of the Jitsi project in case he wants to reply
(or you might ask on the Jitsi list).

Indeed, call details about call participants and duration would be
visible to the servers (which is still better than what you'd get with
many SIP deployments that use plain TCP or UDP).

Using OTR to encrypt the Jingle IQs does sound feasible but we haven't
thought about it before.

Cheers,
Emil

···

On 15.02.13, 14:19, Peter Saint-Andre wrote:

On 2/15/13 1:31 AM, Nathan of Guardian wrote:

Peter

--
Peter Saint-Andre
https://stpeter.im/


--
https://jitsi.org


#2

Hi Emil,

That won't work yet because as far as I know OTR encrypts only the
<body/> element (and maybe XHTML content) of the XMPP <message/>
stanza. Anything else in a <message/> stanza, and any <iq/> stanza, is
sent unencrypted. One approach to solving that problem is to make OTR
more XMPP-friendly, another is to serialize the entire stanza payload
into a string that we'd put into the <body/> element. But we haven't
defined either of those approaches yet.

But that's probably a better topic for the otr-dev list. :wink:

Peter

--
Peter Saint-Andre
https://stpeter.im/



#3

Hey Peter,

Hi Emil,

That won't work yet because as far as I know OTR encrypts only the
<body/> element (and maybe XHTML content) of the XMPP <message/>
stanza. Anything else in a <message/> stanza, and any <iq/> stanza, is
sent unencrypted.

Oh it definitely won't work with current implementations. What I said
above was that we could indeed do it with OTR if we chose to.

One approach to solving that problem is to make OTR
more XMPP-friendly, another is to serialize the entire stanza payload
into a string that we'd put into the <body/> element. But we haven't
defined either of those approaches yet.

True. That said, I am not sure if it's really worth it. You have to
allocate TURN (or Jingle Nodes) candidates anyway so your provider would
know who you are talking to even if they didn't see the signalling.

But that's probably a better topic for the otr-dev list. :wink:

OK,

Cheers,
Emil

···

On 15.02.13, 16:48, Peter Saint-Andre wrote:

On 2/15/13 6:41 AM, Emil Ivov wrote:

Peter

--
Peter Saint-Andre
https://stpeter.im/


--
https://jitsi.org
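
Added example, not part of the thread or of any participant's code: a Python sketch of the coverage gap discussed above, listing what a relaying server can read when OTR protects only the `<body/>` of a `<message/>`, and what remains if the stanza payload is serialized into `<body/>` as suggested. The stanzas, JIDs and `sid` are constructed samples, and `encrypt` is a hypothetical stand-in for an OTR session, since the thread notes that no such mapping has been defined.

```python
import xml.etree.ElementTree as ET

# Constructed sample stanzas (not captured traffic); JIDs and sid are made up.
MESSAGE = ("<message xmlns='jabber:client' from='alice@example.org/a' "
           "to='bob@example.net/b' type='chat'>"
           "<body>?OTR:constructed-ciphertext.</body>"
           "<active xmlns='http://jabber.org/protocol/chatstates'/></message>")
JINGLE_IQ = ("<iq xmlns='jabber:client' from='alice@example.org/a' "
             "to='bob@example.net/b' type='set' id='j1'>"
             "<jingle xmlns='urn:xmpp:jingle:1' action='session-initiate' "
             "sid='constructed-sid'><content creator='initiator' name='voice'/>"
             "</jingle></iq>")

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit('}', 1)[-1]

def server_visible(stanza_xml):
    """List what a relaying server reads in the clear, assuming OTR covers
    only <body/> of a <message/> (the coverage stated in the thread)."""
    root = ET.fromstring(stanza_xml)
    is_message = local(root.tag) == 'message'
    seen = [f"{local(root.tag)}@{k}={v}" for k, v in sorted(root.attrib.items())]
    for el in root.iter():
        if el is root:
            continue
        if is_message and local(el.tag) == 'body' and el in list(root):
            continue  # the only element whose text is OTR ciphertext
        seen.append(local(el.tag))
        seen += [f"{local(el.tag)}@{k}={v}" for k, v in sorted(el.attrib.items())]
    return seen

def wrap_in_body(iq_xml, encrypt):
    """Sketch of the second idea in the thread: serialize the stanza payload
    to a string and carry it in <body/>. `encrypt` is a hypothetical callable
    standing in for an OTR session; this is not a defined protocol."""
    iq = ET.fromstring(iq_xml)
    payload = "".join(ET.tostring(child, encoding='unicode') for child in iq)
    msg = ET.Element('{jabber:client}message',
                     {'from': iq.get('from'), 'to': iq.get('to'), 'type': 'chat'})
    ET.SubElement(msg, '{jabber:client}body').text = encrypt(payload)
    return ET.tostring(msg, encoding='unicode')
```

Even in the wrapped form the `from`, `to` and `type` attributes stay readable, because the server needs them to route the stanza.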