[VOIPSEC] Governments employing MiTM attacks against SSL
PeterThermos
peter.thermos at palindrometech.com
Wed Apr 21 01:39:42 CDT 2010
ZRTP is a key management protocol used WITH SRTP. Just like the MIKEY
(Multimedia Internet KEYing) protocol.
ZRTP is not another variation of secure RTP.
Key management tends to be an interesting and challenging problem in
Internet multimedia applications such as VoIP.
Regards,
Peter
> -----Original Message-----
> From: voipsec-bounces at voipsa.org
> [mailto:voipsec-bounces at voipsa.org] On Behalf Of SERGE TUMBA
> Sent: Wednesday, April 21, 2010 1:15 AM
> To: voipsa at codenomicon.com; sil at infiltrated.net
> Cc: VoIP Sec
> Subject: Re: [VOIPSEC] Governments employing MiTM attacks against SSL
>
>
> Hello Ari,
>
>
>
> I see you mentionned ZRTP on your posting. Can you (or any
> body else) compare and contrast ZRTP vs SRTP by measuring
> their security behaviors. Thank you!
>
>
>
> Serge.
>
>
>
> > Date: Tue, 20 Apr 2010 23:40:54 +0300
> > From: voipsa at codenomicon.com
> > To: sil at infiltrated.net
> > CC: voipsec at voipsa.org
> > Subject: Re: [VOIPSEC] Governments employing MiTM attacks
> against SSL
> >
> > On Tue, Apr 20, 2010 at 02:48:14PM -0400, J. Oquendo wrote:
> > > So if you went with common sense/logic, it would make all the more
> > > sense to mass surveil rather than fork off 30-40k for tapping a
> > > single individual.
> >
> > Definitely. Especially in VoIP, it is actually easiest to
> just record
> > everything. Data volumes are so low in most cases that you
> could store
> > weeks of full voice/video recording, and all signalling for entire
> > year, without much cost per subscriber. If needed, you can
> also easily
> > store that at a safe location that no human can access, without the
> > right access permissions. Data-mining the traffic is simple
> with tools
> > like: http://www.codenomicon.com/analyzer/
> >
> > The biggest threat privacy people often have when you really get to
> > the bottom of it (after enough beers) is that they have nothing
> > against recording and storing the data itself, but they do not trust
> > the _people_ (the individuals working at the telco, government or
> > law-enforcement) having access to the data. Most recent
> discussions I
> > have heard is actually only related to defining what data
> those people
> > can see. Fortunately in VoIP setups (in most countries), the
> > confidential data is mostly in the media streams and
> therefore easy to
> > protect from illegal access.
> >
> > But like J. said, who cares, if you have nothing to hide, and
> > especially if you trust the people who access that data. If
> you don't
> > like that, there is very little you can do except start using GnuPG
> > TOR (1) and ZRTP. Even that does not help much.
> >
> > /Ari
> >
> > (1) http://archives.seul.org/or/talk/May-2006/msg00255.html
> >
> > --
> > Check out latest news from Codenomicon:
> http://www.codenomicon.com/news/
> > Check out my book on fuzzing: http://www.fuzz-test.com/
> >
> > -o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
> > Ari Takanen Codenomicon Ltd.
> > ari.takanen at codenomicon.com tel: +358-40 50 67678
> > PGP: http://www.codenomicon.com/codenomicon-key.asc
> > -o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
> >
> >
> > _______________________________________________
> > Voipsec mailing list
> > Voipsec at voipsa.org
> > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> _________________________________________________________________
> The New Busy is not the old busy. Search, chat and e-mail
> from your inbox.
> http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::
> T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list