Re: [Linphone-developers] setting up secure calling with linphone

linphone-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] setting up secure calling with linphone

From:	Hans-Christoph Steiner
Subject:	Re: [Linphone-developers] setting up secure calling with linphone
Date:	Fri, 28 Nov 2014 10:24:57 +0100

Android definitely supports registering URL schemes, it is a common thing for
an app to do. I'm happen to implement this one we get a couple details ironed
out.  First, the URI format should follow the RFCs about how to format URIs
(https://tools.ietf.org/html/rfc3986).  Otherwise, most apps like browsers,
etc. will not correctly parse it.  Apps will need to write custom code for
handling this URI, which kind of defeats the purpose of using a URI.  For
example, my email client only parsed this part as a clickable URI:
  https://example.org/provisioning.xml

Here are the standard parts of a "hierarchical" URI (i.e. a URI that has "://"
in it):
  scheme://authority/path?querystring&key=value#feature

The linphone config URI is incorrect because it has two schemes, which is not
allowed:
  linphone-config-https://https://example.org/provisioning.xml
i.e.
  scheme://scheme://authority/path

If you want to embed a complete https URI in this config URI, then the
embedded URI will need to be encoded, so it could be something like:
  linphone-config:https%3A//example.org/provisioning.xml

Using only ":" instead of "://" makes it an "opaque" URI, that just provides a
clickable blob of data.  But since the scheme already includes the protocol to
use ("https"), that can be used as the scheme:
  linphone-config-https://example.org/provisioning.xml

One thing that the Android URI pattern matcher can do is match URIs based on
combinations of scheme, authority, and path. That means no special scheme is
needed. So something like this as a regex:

  https://.*/sip-provisioning.xml


Great that you got things into transifex, we get a lot of volunteer
contributions from it.  I'll point the OTF translators towards your Transifex.

.hc

BIENKOWSKI Guillaume:
> Hello Hans-Christopher,
> 
> We recently set up a transifex account for all translations!
> https://www.transifex.com/organization/belledonne-communications
> You will be able to enhance the russian version if your translators have
> the time to do it.
> 
> For the remote provisioning, it is actually possible through the wizard. It
> is the last option in the list that you are presented at first boot, and
> the provisioning file is a simple XML derived from the format of the
> LinphoneRC file.
> 
> An very simple example which should work for you:
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <config xmlns="http://www.linphone.org/xsds/lpconfig.xsd"; xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="
> http://www.linphone.org/xsds/lpconfig.xsd lpconfig.xsd">
>   <section name="proxy_default_values">
>     <entry name="reg_proxy">sip.linphone.org;transport=tls</entry>
>     <entry name="reg_route">sip.linphone.org;transport=tls;lr</entry>
>     <entry name="reg_identity">sip:address@hidden</entry>
>     <entry name="reg_expires">3600</entry>
>     <entry name="reg_sendregister">1</entry>
>   </section>
>   <section name="sip">
>     <entry name="media_encryption">zrtp</entry>
>   </section>
> </config>
> 
> Just host an XML (or dynamically generate it) somewhere and send the URL to
> your user.
> There's even an automatic provisioning URI on iOS (I'm not sure for
> Android): clicking a link that starts with: linphone-config-https:// will
> automatically launch linphone and provision the URL passed as argument.
> 
> For instance, you could send the user this link:
> 
> linphone-config-https://https://example.org/provisioning.xml
> 
> And if the user clicks on it from an email for instance, it will launch
> Linphone and grab the provisioning to set up linphone.
> 
> 
> 
> Best regards,
> 
> 
> *Guillaume BIENKOWSKI*
> 
> *http://www.belledonne-communications.com/
> <http://www.belledonne-communications.com/>*
> 
> *sip:address@hidden <address@hidden>*
> 
> On Thu, Nov 27, 2014 at 11:45 AM, Hans-Christoph Steiner <
> address@hidden> wrote:
> 
>>
>> I just wanted to relay some of my experience using Linphone as a secure
>> calling platform.  I just set up a bunch of people in Central and Eastern
>> Europe with https://ostel.co using Linphone on Android and iOS. Overall,
>> it
>> went quite smoothly.  There were just the three settings that needed to be
>> changed (TLS, Outbound Proxy, and ZRTP).  I think the biggest barrier to
>> people was the language.  For example, many Eastern Europeans would do
>> better
>> with Russian than English, but English is second choice on Android if an
>> app
>> doesn't have the current language.
>>
>> I've done a lot with Transifex, so I'm happy to help set that up. When you
>> use
>> the 'transifex-client' app called 'tx', then it is really easy to sync the
>> files between git and Transifex. Also, the Open Tech Fund
>> (https://www.opentechfund.org/) has a pool of translators that we work
>> with,
>> and I'd be happy to add linphone as an app that they translate.
>>
>> Based on this experience, I asked https://ostel.co to recommend Linphone
>> for
>> Android and iOS.  I've been using Linphone for a while now on Android and
>> it
>> seems to work well.
>>
>> In a related note, I saw that it is possible to provision Jitsi using a
>> URL.
>> That would be awesome to have for Linphone as well.  For ostel, all that
>> would
>> be needed is to set username, domain, TLS, Outbound Proxy, and ZRTP.
>> Maybe it
>> makes sense to also set the password via the URL.  Then the user would
>> install
>> Linphone on their device, sign up on https://www.linphone.org or
>> https://ostel.co, then scan the QR Code, and make a call!
>>
>> If we managed to get linphone.org's SIP service setup matching OSTN
>> standards
>> (solid TLS, good ZRTP support, privacy policy that describes logging, etc),
>> and federating with OSTN, then we could have the easy one-stop service to
>> tell
>> people to use.  We can say "use linphone to make secure calls".
>>
>> .hc
>>
>> --
>> PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
>>
>>
>> _______________________________________________
>> Linphone-developers mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/linphone-developers
>>
>>
> 
> 
> 
> _______________________________________________
> Linphone-developers mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/linphone-developers
> 

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

[Prev in Thread]

Current Thread

[Next in Thread]

[Linphone-developers] setting up secure calling with linphone, Hans-Christoph Steiner, 2014/11/27
- [Linphone-developers] Compile error when build with ZRTP in linux, محيي الدين, 2014/11/27
- Re: [Linphone-developers] setting up secure calling with linphone, BIENKOWSKI Guillaume, 2014/11/28
  - Re: [Linphone-developers] setting up secure calling with linphone, Hans-Christoph Steiner <=

Prev by Date: Re: [Linphone-developers] setting up secure calling with linphone
Previous by thread: Re: [Linphone-developers] setting up secure calling with linphone
Next by thread: [Linphone-developers] Linphone Im and file share
Index(es):
- Date
- Thread