[Linphone-developers] Best interoperability Linphone + Zphone

[Earl]

Actually Zphone uses SRTP, but in a secure fashion.
SSL/TLS does not warn you that there is a MITM, Zphone can
warn you.
Zphone is open source, although patented to prevent "bad guys"
from abusing it.  Phil is committed to open source and working with
many open source developers.  GnuZRTP already exists and there
is an open source java port.

Earl

> May want to think about standards based SRTP rather then the Zphone 
stuff...
Nathan Stratton

I am thinking about open-source standards, which Zphone is ( IETF ).
It is the only protocol that I know of that can resist man-in-the-middle 
attacks.

I believe the SRTP standard says very clearly in it that SRTP offers 
zero security.
Wrapping SRTP key exchange inside SSL/TLS offers no security since the
MITM can trivially break SSL.

Only two humans verbally exchanging SAS can detect the MITM, who has
the key to paradise, easily breaching SSL or Zphone's DH key exchange.

Zphone is the way to go for security, not SRTP.

Earl

---------
Hi Simon,

I have been trying some tests with Linphone and Zphone from
Phil Zimmermann, but results have not been excellent.

May I ask you to please keep in close contact with Phil so
that Linphone and ZRTP always work optimally together
regardless of Zphone version ?

He will shortly be releasing the next version of Zphone, but
there are delays.

I find that Linphone works very well over NATs by using
fixed IP or DynDNS host name for public IP, under preferences.
Even a symmetric NAT can be traversed.  Congratulations.

Regards, Earl