I would like to make a proposal to enhance SIP Communicator to use
Phil Zimmermann's ZRTP. ZRTP is a mechanism to negotiate and
exchange keys and crypto configuration data to set up a Secure RTP
(SRTP) session. Last year Bing Su implemented SRTP into the SIP
Communicator but this implementation is not used because of the
missing features to set up the necessary keys for SRTP.

Currently I'm porting my C++ implementation for ZRTP to Java,
several parts are already done but it is far from being complete :-).

The following picture shows how the integration into SC may look
like. The layout is the same as for the C++ implementation and
proved to be ok:

                                JMF
                                 |
 +----------------+      +-------+--------+
 |  SIP Commun.   |      |                |      +-----------------+
 |  instantiates  | uses | ZrtpConnector  | uses |                 |
 | ZrtpConnector  +------+  implements    +------+   GNU ZRTP4J    |
 |  and provides  |      |  ZrtpCallback  |      |      core       |
 |ZrtpUserCallback|      |                |      | implementation  |
 +----------------+      +----------------+      |  (ZRtp et al)   |
                                                 +-----------------+

Here is a short explanation:
A complete GNU ZRTP4J implementation consists of two parts, the GNU
ZRTP4J core and specific glue code that binds the GNU ZRTP4J core to the
underlying RTP/SRTP stack, the operating system, and the application:
- The GNU ZRTP4J core is independent of a specific RTP/SRTP stack and
operating system and consists of the ZRTP protocol state
engine, the ZRTP protocol messages, and the GNU ZRTP engine. The
GNU ZRTP engine provides methods to set up ZRTP messages and to
analyze received ZRTP messages, to compute the crypto data required
for SRTP, and to maintain the required hashes and HMAC.
- The second part of an implementation is specific code that binds
the GNU ZRTP4J core to the actual RTP/SRTP implementation and other
operating system specific services such as timers, etc.
* ZrtpConnector - the glue between ZRTP4J core and JMF RTP / SC *
ZRTP4J either re-uses or extends Bing Su's SRTP Connector implementation.
The ZrtpConnector hooks into the RTP/SRTP data stream to be able to use
this connection to exchange ZRTP data. After ZRTP negotiated the keys
and created the SRTP it steps out of the data exchange. The ZrtpConnector
also provides additional methods that enable the application to control
ZRTP and the connector accepts a callback class that the connector uses
to report events to the application. In case of SIP Communicator the setup
of the ZrtpConnector will (could) be done in the CallSessionImpl class in
the same way as Bing Su implemented it for SRTP. The SIP Communicator
specific ZrtpConnector would be part of the SC source code. My
proposal is to place it parallel to Bing Su's SRTP connector code.
* GNU ZRTP4J *
This is the ZRTP implementation for Java. It's an own library (jar)
that is independent of the (S)RTP protocol implementation. The
ZrtpConnector uses the library to perform the ZRTP specific tasks and
the ZRTP4J core uses the connector to send/receive data, create the
SRTP crypto contexts, etc. GNU ZRTP4J is not part of the SC source but
is an own library (jar). As its name suggests GNU ZRTP4J will be
available under GPL.
* SC specific question and requirements *
To be able to efficiently use ZRTP it is strongly recommended to have a
user interface to inform the user about the status of ZRTP and to
provide some commands to control ZRTP:
- a small icon inside the SC GUI (a padlock?) to show if security is
enabled or not
- attached to this icon a text field (minimum 4 characters) to display
the Short Authentication Code (SAS)
- a button or similar action field that the user may select if he/she
verified the SAS with the other user.
As noted above ZRTP connector uses a callback mechanism to inform the
SC GUI when to display the padlock or to show the SAS and other
information. The ZRTP Connector also provides methods that the SC GUI
can call to inform about SAS verification.
Because my know-how with respect to SC is rather limited I would
appreciate to have a discussion with some "hard-core" SC programmer how
and where to provide the hooks for the callback class, also the GUI
designer/implementor shall have a look at this issue.
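
The ZrtpConnector section above describes hooking into the RTP/SRTP stream to carry ZRTP data. The following sketch of that packet split is an added example, not part of the original post and not code from GNU ZRTP4J or SIP Communicator. The class and method names are hypothetical, and it assumes the packet layout of RFC 6189: RTP version bits set to 0 and the magic cookie 0x5a525450 in bytes 4-7.

```java
import java.nio.ByteBuffer;

/** Hypothetical demultiplexer: decides whether a datagram goes to the ZRTP core or to RTP/SRTP. */
public class ZrtpDemux {
    enum Kind { ZRTP, RTP, OTHER }

    // ASCII "ZRTP"; assumed position (bytes 4..7) follows the RFC 6189 packet format.
    static final int ZRTP_MAGIC = 0x5a525450;
    // Both RTP and ZRTP start with a 12-byte fixed header.
    static final int MIN_HEADER = 12;

    static Kind classify(byte[] pkt, int len) {
        if (pkt == null || len < MIN_HEADER || len > pkt.length) {
            return Kind.OTHER;                        // truncated or inconsistent length: drop
        }
        int version = (pkt[0] & 0xC0) >>> 6;          // top two bits of the first byte
        if (version == 2) {
            return Kind.RTP;                          // normal media, handled by (S)RTP
        }
        // ByteBuffer reads big-endian by default, which matches network byte order.
        if (version == 0 && ByteBuffer.wrap(pkt, 4, 4).getInt() == ZRTP_MAGIC) {
            return Kind.ZRTP;                         // hand to the ZRTP core
        }
        return Kind.OTHER;                            // e.g. STUN or garbage on the media port
    }

    public static void main(String[] args) {
        // Constructed sample packets, headers only; payload bytes are zero.
        byte[] zrtp = new byte[28];
        zrtp[0] = 0x10;                               // version 0
        ByteBuffer.wrap(zrtp).putInt(4, ZRTP_MAGIC);

        byte[] rtp = new byte[172];
        rtp[0] = (byte) 0x80;                         // version 2, no padding/extension/CSRC

        byte[] spoofed = zrtp.clone();
        spoofed[7] = 0x00;                            // cookie damaged: must not reach the core

        System.out.println(classify(zrtp, zrtp.length));       // ZRTP
        System.out.println(classify(rtp, rtp.length));         // RTP
        System.out.println(classify(spoofed, spoofed.length)); // OTHER
        System.out.println(classify(zrtp, 8));                 // OTHER (too short)
    }
}
```

The cookie check only routes packets; the ZRTP core still has to validate the packet checksum and the message contents before acting on them.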