На 11.11.11 12:23, Disqus User написа:
I have some general questions regarding security.
1) I'm using the free SIP Service provided by iptel.org. How reliable
do you believe them to be? Are they trustworthy and secure?
Personally I am happy with it. We support custom accounts for only them
and ippi.com and we are happy with both. Of course trustworthiness is
mostly a matter of personal opinion, but that doesn't really matter in
the case of Jitsi.
2) In the audio/video chat window in Jitsi, I see a "Connected" label
with a lock icon to the left of it. When I hover over this lock icon,
some additional information pops up saying that the audio and video
are encrypted. Does Jitsi indeed mean what it says?
Are both the
audio and video guaranteed to be encrypted?
When the label says so - yes.
For example, could the
people who maintain iptel.org possibly look at the audio/video?
No. In such calls Jitsi uses ZRTP which is an end-to-end encryption
method so, as long as your SAS comparison (see below) comes clear you
are good to go.
be compared with Skype, where Skype itself could possibly be able to
do some snooping/tapping - nobody knows for sure.)
3) Above the "Connected" label (the one mentioned in question 2
above), I see another label which shows "Compare with partner: **some
code**". When I click the lock to the left of this text, a checkmark
appears. What exactly does this mean and what is its purpose?
The first time you call someone you need to make sure they see the same
four letters as you do. If that's the case, you can be sure there's no
one standing between you and your contact (Man In The Middle). In that
case, and in that case only, you could click on the padlock so that you
won't need to do the comparison in the future. Check the following for
4) Text chats is where things get weird. When I'm text chatting with
someone, and I click the lock-icon, all that happens is that I end up
"typing" in **some code** to the chat window. What just happened?
When my buddy does the same, the same code appears from him. (Also,
the other person hears some weird sound too.) What's going on? Is the
text chat encrypted or not? There is at least no "UI-level evidence"
shown that the chat is encrypted. For text chats, I also have to same
question regarding whether iptel.org could possibly read people's
There are two levels of chat encryption. First one concerns
communication between you and your server. In the case of Jitsi this is
almost always the case for XMPP, sometimes for SIP and never for MSN,
Yahoo! and ICQ/AIM.
The second level involves the use of an end-to-end encryption method
called OTR. You start using OTR when you click on the padlock in the
chat window. If it locks then you are encrypted. You also need to make
sure that the fingerprint you are seeing for your partner is indeed
their own (kind of the same as with ZRTP SAS comparison). If this
doesn't work as expected for you, then we'd need to know how to
reproduce your problem. Logs would also be most helpful!
Hope this helps,