[liberationtech] GNU Free Call Announced

Moritz Bartl moritz at torservers.net
Fri Mar 18 11:51:29 PDT 2011 

http://planet.gnu.org/gnutelephony/?p=14

GNU Free Call Announced

“Free as in freedom, and free as in no cost, too!”

GNU Free Call is a new project to develop and deploy secure
self-organized communication services worldwide for private use and for
public administration. We use the open standard SIP protocol and GNU SIP
Witch to create secured peer-to-peer mesh calling networks, and we
welcome all participation in our effort.

Who
Haakon Eriksen – Project Coordinator - haakon.eriksen at far.no
David Sugar – Project Architect - dyfet at gnu.org

What
Our goal is to make GNU Free Call ubiquitous in a manner and level of
usability similar to Skype, that is, usable on all platforms, and
directly by the general public for all manner of secure communication
between known and anonymous parties, but without requiring a central
service provider to register with, without using insecure source secret
binary protocols that may have back-doors, and without having network
control points of any kind that can be exploited or abused by external
parties. By doing so as a self organizing meshed calling network, we
further eliminate potential service control points such as through
explicit routing peers even if networks are isolated in civil emergencies.

We do recognize this project has significant long term social and
political implications. It also offers potentially essential utility in
public service by enabling the continuation of emergency services
without requiring existing communication infrastructure. There are many
ordinary public service uses, such as the delivery of eHealth services,
as well as medical, and legal communication, where it is essential to
treat all with equal human dignity by maintaining privacy regardless of
race, religion, or political affiliation. Equally important is the
continuation of emergency medical services even when existing
infrastructure is no longer available or has been deliberately disabled.

How
Initially we will extend sipwitch to become aware of peer nodes by
supporting host caches, and then support publishing of routes to
connected peers. This work builds upon the already existing routing
foundation in sipwitch itself. The use of host caches is a mechanism
used in older p2p networks, it is generally well understood, it would
meet the initial goals of establishing a self organized mesh network,
and it is rather easy to initially implement to fully demonstrate the
potential of sipwitch as a mesh calling system. More advanced
methodologies can then be added later on.

Related to this goal is having sipwitch operate as a SIP mediation
service for desktops users and IP enabled cell phones such as Android.
This introduces the needs for users to be able to “pilot” their local
sipwitch instance through a desktop and cell phone gui, whether to see
what calls are being placed through it, or to see the verification
status of secure key exchange. There are today IPC interfaces in
sipwitch to allow for desktop integration, but a specific GUI to use
these interfaces and present server and call states in a manner for
people to understand still needs to also be constructed, and hence this
too is part of the plan of work for this project.

In addition we will be extending GNU SIP Witch to offer secure VoIP
proxy. Much like what was done initially by Phil Zimmerman to develop
ZRTP using zfone, this mode of operation will enable development of key
elements of a secure infrastructure without having to also initially
create new SIP user agent applications. By offering secure proxy through
a SIP Witch instance running at the endpoint, any existing SIP standard
compliant softphone or device will be able to establish a secure
connection to another standard compliant SIP device or SIP peer that is
using GNU SIP Witch at the destination.

This project’s definition of secure media is similar to Zimmermann’s
work on ZRTP, in that we assure there is no forwarding knowledge by
using uniquely generated keys for each communication session.
Furthermore, we will use GNU Privacy Guard (GPG) to fully automate
session validation. This will be done by extending the SIP protocol to
exchange public keys for establishing secure media sessions that will be
created by each instance of SIP Witch operating at the end points on
behalf of local SIP user agents, and then verifying there is no
man-in-the-middle by exchanging GPG signed hashes of the session keys
that were visible at each end.

More information about the liberationtech mailing list