[sip-comm-dev] Some notes regarding ZRTP usage and its behaviour


#1

All,

since some time SC supports the latest version of the ZRTP specification
that is currently nearly an RFC. The process at IETF is ongoing and,
according to the tracker, the last steps are processed.

Having said that I would like to give some warning about the use of ZRTP:

Due to some modifications in the ZRTP specification and hence the
implementation it is no longer possible to start ZRTP on half-duplex
sessions.

Usually this is not a problem on audio sessions because these are usually
(maybe not always) full-duplex, that is each SC has a send and a receive
audio stream. After the audio stream was switched to secure mode you will
hear a short sound notification, the "security sound".

The behaviour is different for video: each party can switch on video
after some time. Only if _both_ parties enabled video for an overlapping
time thus establishing a full-duplex video stream ZRTP will start to
negotiate the required security data and can start SRTP to encrypt the
stream. If only _one_ party enables video then this half-duplex video
stream is _not_ encrypted. If the video channel is switched to secure
mode both parties again hear the short "security sound" notification and
the tool tip of the connection shows the correct security status.

Regards,
Werner


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net
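
Added example, not part of the original post and not SIP Communicator code: a per-stream check of the rule described above, that ZRTP starts only on full-duplex streams. It assumes that "half-duplex" corresponds to a negotiated SDP direction of sendonly or recvonly; the function names and the sample SDP are constructed for illustration.

```python
# Added example (not SIP Communicator code). Assumption: "half-duplex" in the
# post corresponds to an SDP direction attribute of sendonly or recvonly.
DIRECTIONS = {"sendrecv", "sendonly", "recvonly", "inactive"}

# Constructed sample SDP: full-duplex audio plus one-way video.
SAMPLE_SDP = """\
v=0
o=alice 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 5004 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 5006 RTP/AVP 96
a=rtpmap:96 H264/90000
a=sendonly
"""

def media_directions(sdp):
    """Return [(media, port, direction)] for every m= section, in order."""
    session_dir, streams = None, []
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            # The port field may carry a "/count" suffix, e.g. 5004/2.
            streams.append([fields[0], int(fields[1].split("/")[0]), None])
        elif line.startswith("a=") and line[2:] in DIRECTIONS:
            # Before the first m= line the attribute is the session default.
            if streams:
                streams[-1][2] = line[2:]
            else:
                session_dir = line[2:]
    return [(m, p, d or session_dir or "sendrecv") for m, p, d in streams]

def zrtp_audit(sdp):
    """Return [(media, direction, status)] using the rule from the post."""
    report = []
    for media, port, direction in media_directions(sdp):
        if port == 0 or direction == "inactive":
            status = "no-media"        # rejected or paused stream
        elif direction == "sendrecv":
            status = "zrtp-possible"   # full-duplex: ZRTP can negotiate
        else:
            status = "unprotected"     # half-duplex: ZRTP does not start
        report.append((media, direction, status))
    return report

if __name__ == "__main__":
    print(zrtp_audit(SAMPLE_SDP))
```
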


#2

Re: [sip-comm-dev] Some notes regarding ZRTP usage and its behaviour
thx a lot for this information

short question:

even if only one side turns on video - will the audio conversation still stay encrypted?

regards, MS

Kind regards
Mr Smith
mailto:mr.smith476@googlemail.com


#3

thx a lot for this information

short question:
even if only one side turns on video - will the audio conversation still stay encrypted?

regards, MS

--
Kind regards
Mr Smith
mailto:mr.smith476@googlemail.com


#4

Yes, audio and video are independent streams.

Regards,
Werner

On 12.06.2010 20:58, Mr Smith wrote:

thx a lot for this information

short question:
even if only one side turns on video - will the audio conversation still
stay encrypted?

regards, MS



#5

Werner,

If video is only one direction, will there be a warning that video is
unencrypted?

I guess this means encrypted video one-to-many broadcasts are
not possible.

Earl

Werner Dittmann wrote:

On 12.06.2010 20:58, Mr Smith wrote:

thx a lot for this information

short question:
even if only one side turns on video - will the audio conversation still
stay encrypted?

regards, MS
    
Yes, audio and video are independent streams.

Regards,
Werner



#6

Earl,

> Werner,
>
> If video is only one direction, will there be a warning that video is
> unencrypted?

no, I've not seen such a warning. Also from ZRTP point of view this
would be tricky to implement, if possible at all.

> I guess this means encrypted video one-to-many broadcasts are
> not possible.

True.

Regards,
Werner

PS: the problem is that SC cannot get the SSRC of the RTP connection
before SC established a send stream. And SC establishes a send stream
only if video sending is enabled, which makes sense. ZRTP is bound to
an RTP's SSRC.

Werner

On 13.06.2010 19:25, Earl wrote:

Earl
