[jitsi-users] jitsi service


#1

so it would mean encryption/decryption of packages takes places on the computers of jitsi users locally, the server does not take part in encryption, is just there to route the traffic?

for text-messages: as long as you enable OTR encryption (padlock in
the chatwindow) AND!!! compare fingerprints with your partner over a
safe channel (best would be to meet in person) the server could just
record encrypted messages and wait untill quantum computers are ready.

why would it be best to meet in person is it not enough for the users to read the fingerprint to each other over jitsi at each call?

For jingle (voice/video): enable zrtp (the padlock-thingy, should do
that on its own) AND!! compare the letters/numbers and you are safe.
jingle is allways out of band (i.e. the data is routed as direct as
possible between you and your partner and (if possible) does not ever
touch the server) but if the server is manipulative it could make you
route your data over the server.

it would be very helpful when jitsi would make a chart like this: https://blog.crypto.cat/2013/06/cryptocat-who-has-your-metadata/
helpful to users who don't know the technical security terms

If you do not compare fingerprints/numbers&letters man in the middle
attacks would be possible.

fingerprints and numbers&letters is the same thing???
where can you see it in jitsi?


#2

so it would mean encryption/decryption of packages takes places on
the computers of jitsi users locally, the server does not take part
in encryption, is just there to route the traffic?

That is partitialy correct: there is an end-to-end encryption between
you and your partner, so the server is unable to read the actual
messages. Additionaly the connecton between you and the server is
usualy encrypted, too.

why would it be best to meet in person is it not enough for the
users to read the fingerprint to each other over jitsi at each
call?

Because (in theory) it would be possible to fake his voice or force
him to say something, it is allways better to meet in person to
exchange fingerprints.

If you do not compare fingerprints/numbers&letters man in the
middle attacks would be possible.

fingerprints and numbers&letters is the same thing??? where can you
see it in jitsi?

The letters and numbers are to zrtp (encrypted calls) what the
fingerprint is for otr (text encryption) (well not exactly but close
enought)
letters and numbers should be shown when you make the call (padlock
should be yellow untill you verify those)
Fingerprint can be found in the chatwindown under secure

authenticate partner, just follow the instructions.

- --
Yannik V�lker

···

Am 11.07.2013 14:04, schrieb JC: