Hello all. I have been trying to figure out SIP security and general configuration to replace centralised I.M. services but it is very difficult since I have little knowledge of programming and cryptography. If anyone could answer a few questions for me, I would really appreciate it. I realise this is probably not the best channel to ask for support so please feel free to ignore me but I expect the answers would be useful to other people as well. Some of my questions may be considered feature requests if not already supported. I don't really understand how all of this works so please point out any silly assumptions or misunderstandings.
1: In my research, I found a link that says "...integrity protection might not be used" for SRTP, which I understand is used as the basis of all popular SIP encryption methods. Is this something to be concerned about? There are also a few other points of interest for implementation of non-ZRTP methods but they may be common knowledge.
2: According to Wikipedia, MIKEY (rfc-3830) can be used to determine session keys for use with SRTP. Is this used only for 3DES or also for DTLS? Would both clients need to be specifically configured to use MIKEY? I don't know if this is beneficial or perhaps already default but it is interesting to me because I have not heard of it before.
3: In Linphone GUI, when I select ZRTP the "Media encryption is mandatory" checkbox becomes unclickable. Is this because ZRTP is opportunistic? I would like this to be required, or at least required for contacts who have used it before. I imagine that, without this requirement, downgrade attacks would be possible. I might also like to configure DTLS to be required when ZRTP is not available but this does not appear to be possible from the GUI. Are these sorts of settings normally configured in a text file?
4: How can I specify which key exchange methods should be allowed, which should not be allowed, and the priority in which the methods should be preferred?
5: IPv6 is very intimidating for a number of reasons but why is the option to allow it disabled by default? I understand it is usually not necessary but is there some risk associated with its use? If IPv6 traffic is allowed, does that mean it is preferred by Linphone?
6: Is text messaging handled through MSRP and CEMA? Are there provisions for end-to-end encryption, such as O.T.R.?
7: I understand Linphone supports R.F.C. 3994 (indication of composition) and 3856 (presence) but do these rely on an intermediary server or do they also function normally in P2P? When adding a contact, there are options to configure presence but not indication of composition; this seems a bit strange since they are similar in nature. Are the settings for indication of composition also available per contact?
8: Liblinphone seems to support rfc-3323 through "enum _LinphonePrivacy" but I could not find relevant settings in the Linphone GUI. How should I configure my client on Windows or Linux?
Those are all of my questions for now but I would also like to provide a quick commentary on some of the messaging clients I have recently tested. Jitsi makes security easy with options for DNSSEC and Tor binding. Blink advertises screen sharing and file transfers. Wire advertises decentralised service and simple account creation. Telepathy advertises VNC integration and Pidgin advertises support for numerous communication protocols/services. Obviously many of these features would be practically impossible to build into Linphone but I wanted to mention them all in one place since they are all good features. If it is ever convenient to build any of them into Linphone, I think they would be useful.
Thanks for reading if you've gotten this far!