[sip-comm] [proposal] MIKEY support


#1

Hi,

SIP Communicator is using ZRTP. Well ZRTP is a good idea, but reading http://www.minisip.org/publications.html MIKEY + Diffie Hellman seem to be "better", as it has "perfect forward secrecy" according to http://tools.ietf.org/html/rfc3830
Well, I have to admit that I don´t have much knowledge about this topic but hey that "perfect forward secrecy" sounds cool. And in my opinion this seems what everyone wants to have, i.e. not to check that SAS string in ZRTP...

So, the underlying libmikey on minisip´s homepage is provided with GPL license, but probably written in C. But I am asking myself whether there is a chance to get it into SIP Communicator?

Sincerely yours,
Michael


#2

Hey Michael,

На 01.11.10 19:59, Michael Baye написа:

Hi,

SIP Communicator is using ZRTP. Well ZRTP is a good idea, but reading
http://www.minisip.org/publications.html MIKEY + Diffie Hellman seem to
be "better", as it has "perfect forward secrecy" according to
http://tools.ietf.org/html/rfc3830
Well, I have to admit that I don´t have much knowledge about this topic
but hey that "perfect forward secrecy" sounds cool. And in my opinion
this seems what everyone wants to have, i.e. not to check that SAS
string in ZRTP...

So, the underlying libmikey on minisip´s homepage is provided with GPL
license, but probably written in C. But I am asking myself whether there
is a chance to get it into SIP Communicator?

We'd definitely be interested in integrating this at some point.
However, it's not something that's currently on the roadmap, so we'd
need someone to either contribute or fund it.

Cheers,
Emil

···

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: users-help@sip-communicator.dev.java.net


#3

Hello

> SIP Communicator is using ZRTP. Well ZRTP is a good idea, but reading
> http://www.minisip.org/publications.html MIKEY + Diffie Hellman seem to
> be "better", as it has "perfect forward secrecy" according to
> http://tools.ietf.org/html/rfc3830
> [...]
>
> So, the underlying libmikey on minisip´s homepage is provided with GPL
> license, but probably written in C. But I am asking myself whether there
> is a chance to get it into SIP Communicator?

We'd definitely be interested in integrating this at some point.
However, it's not something that's currently on the roadmap, so we'd
need someone to either contribute or fund it.

We, the University of Applied Sciences Northwestern Switzerland (FHNW), have ported minisip's MIKEY-Library to Java (well, at least everything necessary for DH Key Exchange). We don't know yet where we are going to publish the library, but as the original code is LGPL we're definitely going to publish it somewhere.

Currently I'm integrating it into a local branch of Sip-Communicator for a project which handles the issue that most users don't have a digital certificate signed by a well-known certificate authority. But the MIKEY handling itself and the certificate thing are completely separated and we would definitely be interested in contributing (at least) the MIKEY part into the main source of Sip-Communicator.

Apart from not having completed the integration, I/we would need to work on the issues with BouncyCastle under OSGi, of course checking whether my modifications of existing sources are "right" and probably some other stuff which is going to pop up before any code could be committed.

Regards,
Ingo

···

--
University of Applied Sciences Northwestern Switzerland
School of Engineering
Institute for Mobile and Distributed Systems

Ingo Bauersachs
BSc FHNW, Scientific Assistant
Steinackerstrasse 5
CH 5210 Brugg-Windisch

www.fhnw.ch/technik


#4

Hey Ingo,

На 03.11.10 16:24, Bauersachs Ingo написа:

Hello

SIP Communicator is using ZRTP. Well ZRTP is a good idea, but
reading http://www.minisip.org/publications.html MIKEY + Diffie
Hellman seem to be "better", as it has "perfect forward secrecy"
according to http://tools.ietf.org/html/rfc3830 [...]

So, the underlying libmikey on minisip´s homepage is provided
with GPL license, but probably written in C. But I am asking
myself whether there is a chance to get it into SIP
Communicator?

We'd definitely be interested in integrating this at some point.
However, it's not something that's currently on the roadmap, so
we'd need someone to either contribute or fund it.

We, the University of Applied Sciences Northwestern Switzerland
(FHNW), have ported minisip's MIKEY-Library to Java (well, at least
everything necessary for DH Key Exchange). We don't know yet where we
are going to publish the library, but as the original code is LGPL

Great. This makes it compatible with our own license!

we're definitely going to publish it somewhere.

Currently I'm integrating it into a local branch of Sip-Communicator
for a project which handles the issue that most users don't have a
digital certificate signed by a well-known certificate authority. But
the MIKEY handling itself and the certificate thing are completely
separated and we would definitely be interested in contributing (at
least) the MIKEY part into the main source of Sip-Communicator.

Right. Lack of trusted certificates is the "raison d'etre" for ZRTP and
the reason why we've went with it. Of course, it would still be great to
have support for MIKEY for enterprises deploying SC in environments
where it is actually conceivable to obtain certificates.

Emil

···

Apart from not having completed the integration, I/we would need to
work on the issues with BouncyCastle under OSGi, of course checking
whether my modifications of existing sources are "right" and probably
some other stuff which is going to pop up before any code could be
committed.

Regards, Ingo

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
SIP Communicator
emcho@sip-communicator.org PHONE: +33.1.77.62.43.30
http://sip-communicator.org FAX: +33.1.77.62.47.31

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: users-help@sip-communicator.dev.java.net