
[liberationtech] security aspects of OpenQwaq

Eugen Leitl eugen at
Mon Jun 17 07:46:23 PDT 2013

OpenQwaq is potentially a useful tool for collaboration, 
especially multimedia (webcam streaming to avatar face,
audio (best with USB headset) with ability to
instantiate rooms) -- I've seen it scale to
groups of 50+ participants. Collaborative editing is 

Disclosure: no commercial relation to 3D ICC, just a
happy user of their hosted services.

----- Forwarded message from Ron Teitelbaum <ron at> -----

Date: Mon, 17 Jun 2013 10:34:41 -0400
From: Ron Teitelbaum <ron at>
To: openqwaq at
Subject: RE: security aspects of OpenQwaq
X-Mailer: Microsoft Outlook 14.0
Reply-To: openqwaq at

Hi Eugen,


OpenQwaq uses ARC4 for encryption.  All data end to end is encrypted over a
single port connection. 


3D ICC's Immersive Terf™ uses SSL for encryption.  It's basically the same
model but we've improved it for security, performance and reliability.


All encrypted traffic is susceptible to MITM.  SSL helps this considerably
by using public certificate authorities to verify the certificates.  The
trick is to ensure that your DNS is accurate and that all certificates are


The open source version of OpenQwaq on the other hand is encrypted without


In either case MITM would leave some significant performance footprints
(this could be improved using hardware) and it would take some engineering
to understand our overlay network protocols to make the data useful for an


Are you safe from hackers?  Yes, I would say that MITM is very unlikely for
both OpenQwaq and Terf™.


Are you safe from Governments?  No.  Unlimited access to resources and
direct internet filtering could in theory attack the connection using MITM
by subverting DNS, using hardware proxies, and forwarding to the server.


How safe is it?  We have been reviewed by the Federal Reserve Bank in New
York and were allowed to have our software installed internally.  We have
been used by every branch of the military (except the Marines, why I have no
idea, except maybe because the Navy used it).  We have had significant
penetration testing done by some of the largest financial institutions and
corporations in the world and have passed.   I would say that this puts us
in the upper categories of safeness but still below top secret grade*.


Hope that helps.


All the best,


Ron Teitelbaum

Head Of Engineering

3d Immersive Collaboration Consulting

ron at

Follow Me On Twitter: @RonTeitelbaum


3d ICC on G+


* if your organization is interested in sponsoring an improvement to the level
of our security, 3D ICC is ready, willing and able to improve our security
using Common Criteria and Military Information Assurance standards.  We can
use data centers with certifications in SSAE16 SOC-1 Type II, Federal
Information Security Management Act (FISMA), DoD Information Assurance
Certification and Accreditation Process (DIACAP).  We would be very happy to
work with you and your organization to meet your security needs.  For more
information contact us at info at 



> -----Original Message-----

> From: openqwaq at [mailto:openqwaq at]

> On Behalf Of Eugen Leitl

> Sent: Monday, June 17, 2013 9:11 AM

> To: openqwaq at

> Subject: security aspects of OpenQwaq



> What's the security model of OpenQwaq?


> How secure is the communication model against passive sniffing?


> Active traffic manipulation (MITM)?


> --
> You received this message because you are subscribed to the Google Groups "OpenQwaq Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to openqwaq+unsubscribe at
> For more options, visit





----- End forwarded message -----
Eugen* Leitl leitl
ICBM: 48.07100, 11.36820
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
