[jitsi-users] report about zrtp implementations flaws in voip apps - Jitsi named


#1

Hi all,

Jitsi is named together with different other voip apps for having
implementations flaws in zrtp security.

Decide yourself, how important it is.

Short overview:

https://www.sufficientlysecure.org/2017/03/15/zrtp.html

Whitepaper:

https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf

best regard,
Marius


#2

Hey

I haven't yet been able to read the entire paper. The issue with the mismatching ZID should have been fixed with the updated zrtp4j library before the 2.10 release.
Jitsi also supports labelling peers, i.e. assigning names to a ZID, but this is not very accessible (afaik you'd need to click on the lock icon during a call).

Could you please open an issue on Github with the aim to follow up with the findings of the paper?

Ingo

Freundliche Grüsse,
Ingo Bauersachs

-- sent from my mobile

···

On 29 Mar 2017, at 16:29, Cyborg <cyborg2@benderirc.de> wrote:

Hi all,

Jitsi is named together with different other voip apps for having
implementations flaws in zrtp security.

Decide yourself, how important it is.

Short overview:

https://www.sufficientlysecure.org/2017/03/15/zrtp.html

Whitepaper:

https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf

best regard,
Marius

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users