[liberationtech] WebRTC - The next big surveillance machine
elijah
elijah at riseup.net
Sun Apr 6 16:01:07 PDT 2014
carlo von lynX wrote:
> You can't diffie-hellman yourself out of a MITM. If the fundamental link
> is unsafe, you can make all the ephemeral keys you like - the observer can
> trace them all.
Tony Arcieri wrote:
> You should take a look at how ZRTP actually works, particularly Matt
> Green's analysis:
> http://blog.cryptographyengineering.com/2012/11/lets-talk-about-zrtp.html
> ... Once this has been done successfully once, ZRTP stores some "continuity
> data" so the next time you authenticate to the same person, the previous
> authentication will ensure future connections are secured.
Patrick Schleizer wrote:
> The latter, the "continuity data" is implementation specific.
> I wonder how my VoIP clients actually support this.
This is an old thread, but this IETF draft is apropos:
http://tools.ietf.org/html/draft-johnston-rtcweb-zrtp-00
It describes how you could authenticate WebRTC streams using ZRTP
implemented in JavaScript, even with existing browsers that use DTLS-SRTP.
-elijah