[HacktionLab] Open Source / federated VOIP?
Gareth Coleman
gareth at sublime.org
Fri Jan 16 14:19:46 UTC 2015
That's really useful clarification - thanks!
I agree that not having a track record is a negative cf a coder who does.
Being able to identify them in meatspace is not the main issue, having
trust is.
Many thanks for this interesting and important discussion
Keep on hacking!
love
g
On 16 January 2015 at 14:08, johnc <johnc at aktivix.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> The tox developer who goes by the name of irungentoo has not published
> any other work (at least under that name) that I can find. I'm more
> bothered about the lack of a proven track record than personally
> identifying the individual to be honest.
>
> By contrast take ZRTP voice encryption. This was written by Phil
> Zimmermann who also wrote PGP (which GPG is based on). Zimmerman is a
> respected programmer and cryptographic expert with a proven track
> record. Blackphone also comes from the same stable.
>
> Cheers,
> John
>
> On 14/01/15 16:12, Gareth Coleman wrote:
> > Hiya John
> >
> > Just a thought - would you always put an anonymous author as a negative?
> >
> > loads of love
> >
> > g
> >
> > On 14 January 2015 at 16:07, johnc <johnc at aktivix.org
> > <mailto:johnc at aktivix.org>> wrote:
> >
> > I haven't used this yet but have done a little research on the program:
> >
> > +'s:
> > - it easy to use
> > - Available on a range of OS's + devices.
> > - reasonably decentralised - but I believe it still has some known
> > "good/online" user IP's hard coded for bootstrapping like bitcoin has.
> >
> > -'s:
> > - Currently no independent security review has been performed.
> > - It's DHT implementation is vulnerable to Cybil attack=> not that
> > hard
> > to DOS.
> > - No group voice chat.
> > - Main developer (irungentoo) is anonymous.
> >
> >
> > On 01/12/15 22:17, Jim McTwanky wrote:
> >> .....educated /opinion/......that is.
> >
> >
> >> On 11/01/15 20:44, nmd wrote:
> >>> Hi, Thanks for everyone's suggestions and thoughts - I tried
> > jitsi and was
> >>> semi-successful (got sound and video working in one direction and the
> >>> problems
> >>> may have been specific to one of the laptops). Might try that
> > again in the
> >>> future but will also hope that these things get a bit simpler
> > with time!
> >>> Cheers,
> >>> Nick
> >>>
> >>> On 02/01/15 11:26, Tim Dobson wrote:
> >>>> On 31/12/14 16:24, johnc wrote:
> >>>>> Some Problems: -Mobile phone specific: -- mobile phones vary
> >>>>> greatly in their ability to run sip clients using crypto. I've seen
> >>>>> sip clients use 100%CPU with awful audio quality on a few phones
> >>>>> including high end samsung models. -- The latency on 3G is
> >>>>> typically around 1 second. Expect horrible lag etc. Using WiFi is
> >>>>> the only way to go unless you are lucky enough to be on 4G.
> >>>>> Non mobile phone specific: - ostel's only server is in the US,
> >>>>> latency is about 120ms. Not so good if you are in Europe. We could
> >>>>> build our own :-). - If you are going to build an ostel system I
> >>>>> suggest you include the topology hiding setup from my wiki or
> >>>>> elsewhere in your Kamailio config. SIP leaks IP/location
> >>>>> information unless you make an effort to obfuscate it.
> >>>> One solution I quite like, which works *if* you:
> >>>> a) trust the clients to a degree
> >>>> b) are happy with non-federated, centralised phone system, with the
> >>>> PBX as a single point of failure
> >>>>
> >>>> is:
> >>>>
> >>>> Your favourite SIP-based PBX system over OpenVPN.
> >>>>
> >>>> So, your phone connects to OpenVPN, and then the sip clients
> > connects
> >>>> to the PBX via SIP, over a VPN.
> >>>>
> >>>> Pros:
> >>>> a) as secure as your deployment of OpenVPN
> >>>> b) removes NAT issues - there aren't any - the SIP/RTP goes via
> > OpenVPN
> >>>> c) It mostly 'just works' (tested with .bg client connected to .uk
> >>>> server with no issues)
> >>>> d) possible on mobile [android], desktop and in modern Snom
> > firmwares
> >>>>
> >>>> Cons:
> >>>> a) nontrival to setup
> >>>> b) centralised [not federated, and not designed to be]
> >>>> c) requires the giving out of VPN certificates to each client in
> > advance
> >>>> d) SPOF [or compromise] on PBX system
> >>>> e) not really possible to 'just leave on' on mobile without emptying
> >>>> your battery
> >>>> f) only known to be *super reliable* on Snom desk phones,
> > connected to
> >>>> an uncongested network
> >>>> g) certainly not without points of weakness
> >>>>
> >>>> ---
> >>>>
> >>>> It's not foolproof. It's not bombproof. But it is a nice
> > architecture
> >>>> that works for some scenarios. :)
> >>>>
> >>>> -Tim
> >>>>
> >>>> _______________________________________________
> >>>> HacktionLab mailing list
> >>>> HacktionLab at lists.aktivix.org <mailto:HacktionLab at lists.aktivix.org>
> >>>> https://lists.aktivix.org/mailman/listinfo/hacktionlab
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> HacktionLab mailing list
> >>> HacktionLab at lists.aktivix.org <mailto:HacktionLab at lists.aktivix.org>
> >>> https://lists.aktivix.org/mailman/listinfo/hacktionlab
> >
> >
> >
> >> _______________________________________________
> >> HacktionLab mailing list
> >> HacktionLab at lists.aktivix.org <mailto:HacktionLab at lists.aktivix.org>
> >> https://lists.aktivix.org/mailman/listinfo/hacktionlab
> >
> >
> >
> > _______________________________________________
> > HacktionLab mailing list
> > HacktionLab at lists.aktivix.org <mailto:HacktionLab at lists.aktivix.org>
> > https://lists.aktivix.org/mailman/listinfo/hacktionlab
> >
> >
> >
> >
> > --
> > ------------------------
> > Gareth Coleman
> > layer zero labs
> > l0l.org.uk <http://l0l.org.uk>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBAgAGBQJUuRsnAAoJELy1jPQ1KER7LXMP/0hqeOXXkzVsnsvc8KrzKBoa
> HCPSYp7YmEshKy5LqsWgM9nVP8rFL503TlhWw29Vd82ARSPSB5Sr/YA4JOTdJWXh
> bMUx5/Zqbe+ftc4WhTuSYf1aJBBENYwtAcdcWDTGw1eP0zJWSyhqZ2FsgfsDQ/PK
> niz9kNHj1RDZQa0u6ZzPfosvC6DdSXPepcF2jA6sPwMsTur6QJYOFcyqcIZHCZ4w
> AYn53iT7Wrnr/3WZ8cKOuAe14ACAf/eIUZ2R2YjTffEcgEFcr6xUqOFGtTSCt1D2
> yrrSzOvMIPGBiSFW1kn41tlV3sOivnoJpExG9mgXOIYP7T/3K0gj4EmcUAoT/Z54
> 9+wdad7v8cOT66jgqTBnwdy71D/iqLaHlbS9a7pptUuOnFluOM+MqLoBmJ4s5erk
> iDab9XdQkm4YEhl+yRX4IQ70Zz6z7itCP/ytyWjq4sPpUDKfG8o7GJsEnnXWIngS
> eGEOOTymhGOM1GfjXra7rcbbVaeteW8dYLrCotmAqosKZTYyOjNccQ1OkieO1E8g
> w8/BMGBmoC14OJPbZYt3aa9+Bw0xSbcaBuzTixnlHMaVrZAclu8NPlA6/SOZWV/e
> jLqJ1YBd56e18gSrai0IRVKA0vL3U4j2dAhL0vLkWC1gw90uzgdXA7bD3A27S+Qh
> xvZF29ytAq/O7xXJc8o3
> =Limw
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> HacktionLab mailing list
> HacktionLab at lists.aktivix.org
> https://lists.aktivix.org/mailman/listinfo/hacktionlab
>
--
------------------------
Gareth Coleman
layer zero labs
l0l.org.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.aktivix.org/pipermail/hacktionlab/attachments/20150116/968ee2c2/attachment.html>
More information about the HacktionLab
mailing list