I'm trying to figure out what *exactly* the green/yellow lock symbols
indicating the ZRTP status for a connection mean. My situation is this:
I've installed Jitsi both for me and a friend of mine (who is not so
technically interested), and during some test sessions I verified and
confirmed the SAS at both clients. As I understand it, this should
mean that in the future a retained secret is used to verify the
connection automatically as far as possible.

I remember seeing a green lock, but that was only at rare moments; now
when I connect, I always have a yellow one. Clicking on it, I see the
SAS, an indication that it is ok and a "Clear" button. That does mean
that the connection is verified using the retained secret, right?

So ... is this connection really secure (assuming no attacker stole
any retained secret cache)? What does the yellow lock mean, and what
would I have to do in order to get it green? Can I somehow do some
more verification (ideally during a test call where I can do it myself
on both devices)? I could not find any information on the meaning of
the locks in the FAQs (also not the ZRTP ones).

I understand that there will always be some risk as long as we don't
actually compare the SAS manually for each call, but I don't want to
bother my friend with that; absolute security is not critically
important, but I still want to get it as good as possible.

Thanks for any hints! Yours,
OpenPGP: 901C 5216 0537 1D2A F071 5A0E 4D94 6EED 04F7 CF52
To go: Mon-Pri