Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] WebRTC - The next big surveillance machine

elijah elijah at riseup.net
Sun Apr 6 16:01:07 PDT 2014


carlo von lynX wrote:

> You can't diffie-hellman yourself out of a MITM. If the fundamental link
> is unsafe, you can make all the ephemeral keys you like - the observer can
> trace them all.

Tony Arcieri wrote:

> You should take a look at how ZRTP actually works, particularly Matt
> Green's analysis:
> http://blog.cryptographyengineering.com/2012/11/lets-talk-about-zrtp.html
> ... Once this has been done successfully once, ZRTP stores some "continuity
> data" so the next time you authenticate to the same person, the previous
> authentication will ensure future connections are secured.

Patrick Schleizer wrote:

> The latter, the "continuity data" is implementation specific.
> I wonder how my voip clients actually support this.

This is an old thread, but this ietf draft is apropos:

http://tools.ietf.org/html/draft-johnston-rtcweb-zrtp-00

It describes how you could use authenticate WebRTC streams using ZRTP
implemented in javascript, even with existing browsers that use DTLS-SRTP.

-elijah



More information about the liberationtech mailing list