[jitsi-users] jitsi service


#1

there's also many of the services on the internet which seem to offer free sip or xmpp server for voip, so guessing jitsi users can use them.

what if there's a bad server, would it for instance be technically feasible for a server to eavesdrop on the conversation between 2 users with jitsi? or would the worst case possible be for the server to capture encrypted traffic only which cannot be decrypted and eavesdrop on


#2

there's also many of the services on the internet which seem to offer free
sip or xmpp server for voip, so guessing jitsi users can use them.

what if there's a bad server, would it for instance be technically

feasible

for a server to eavesdrop on the conversation between 2 users with jitsi?

or

would the worst case possible be for the server to capture encrypted

traffic

only which cannot be decrypted and eavesdrop on

For ZRTP encrypted calls (with the green padlock on) it is, to the best of
the world's mathematical knowledge, impossible to eavesdrop the
conversation. A server however can log the call records, i.e. who called
whom at which addresses. But this is in the nature of the server.

Ingo


#3

there's also many of the services on the internet which seem to
offer free sip or xmpp server for voip, so guessing jitsi users can
use them.

Yes, you can use all XMPP&SIP servers with jitsi.

what if there's a bad server, would it for instance be technically
feasible for a server to eavesdrop on the conversation between 2
users with jitsi? or would the worst case possible be for the
server to capture encrypted traffic only which cannot be decrypted
and eavesdrop on

"it depends"
for text-messages: as long as you enable OTR encryption (padlock in
the chatwindow) AND!!! compare fingerprints with your partner over a
safe channel (best would be to meet in person) the server could just
record encrypted messages and wait untill quantum computers are ready.
For jingle (voice/video): enable zrtp (the padlock-thingy, should do
that on its own) AND!! compare the letters/numbers and you are safe.
jingle is allways out of band (i.e. the data is routed as direct as
possible between you and your partner and (if possible) does not ever
touch the server) but if the server is manipulative it could make you
route your data over the server.
If you do not compare fingerprints/numbers&letters man in the middle
attacks would be possible.

- --
Yannik V�lker

···

Am 10.07.2013 22:54, schrieb JC:


#4

A server however can log the call records, i.e. who called whom at which

addresses. But this is in the nature of the server.

Very well said! People, don't be afraid that a server recorded your IP when
visiting jitsi.org or reddit.com!!

···

On 10 July 2013 14:11, Ingo Bauersachs <ingo@jitsi.org> wrote:

> there's also many of the services on the internet which seem to offer
free
> sip or xmpp server for voip, so guessing jitsi users can use them.
>
> what if there's a bad server, would it for instance be technically
feasible
> for a server to eavesdrop on the conversation between 2 users with jitsi?
or
> would the worst case possible be for the server to capture encrypted
traffic
> only which cannot be decrypted and eavesdrop on

For ZRTP encrypted calls (with the green padlock on) it is, to the best of
the world's mathematical knowledge, impossible to eavesdrop the
conversation. A server however can log the call records, i.e. who called
whom at which addresses. But this is in the nature of the server.

Ingo

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
-------
inum: 883510009902611
sip: jungleboogie@sip2sip.info