Re: [Linphone-developers] SRTP encryption, mandatory, not enforced?

[Dmitry Alexandrov]

Michael Williamson <address@hidden> wrote:
> My SIP provider, Callcentric, insists they have not enabled SRTP encryption 
> on their servers

SRTP proper does not require any support from a SIP server.  If fact, it does 
not require a SIP server at all.

> yet when I enable the option on my Linphone 3.6.1 (on Fedora 32, 
> distro-maintained) and select "mandatory" it still works and appears to be 
> encrypting the call to their server.

On the other hand, if I recall correctly, what is called ‘SRTP’ in Linphone UI 
and is opposed to DTLS and ZRTP there is _SDES_ — the SIP-specific protocol for 
negotiating SRTP session.  It was chronologically the first protocol used with 
SRTP, hence the conflation, despite that ZRTP (in general) and DTLS (in this 
context) are also protocols for using with SRTP.

SDES at least does require a SIP server.  But again, there is nothing to be 
specifically ‘enabled’ on it, given that it is a standard-conforming server, 
that bounces whatever message is sent by a client.

Compare it with PGP in this respect (below Iʼll try to explain why in other 
respects the analogy with PGP is faulty).  You do not ask you mail provider, 
whether they ‘enabled’ PGP encryption on their servers, do not you?  Itʼs 
completely up to you¹ and your correspondents to choose good MUAs that have 
support for encrypted mail.

Well, as we have learned in recent years, itʼs perfectly possible, that a 
hostile mail provider (such as protonmail.com) will take certain steps to 
prevent you from sending GPG-encrypted mail, nevertheless: an action required 
to impede, not the other way round.

Since (I hope) your Callcentric is not Protonmail and you both have chosen good 
software, encryption just works!  But read below for caveats.

> Either they are mistaken and are accepting encrypted calls or the "mandatory" 
> option is being ignored by Linphone and the communication between Linphone 
> and Callcentric's server is unencrypted.

Whether the connection between you and a SIP server is encrypted and whether 
SRTP is used — these are two different questions!

SRTP is ‘Secured RTP’, and RTP is a protocol for a connection, where the huge 
traffic (audio, video, etc) flows.  Ideally, (S)RTP stream is direct from you 
to your correspondent.  If you both are behind unpassable NAT, though, it may 
be routed via a TURN relay provided by your SIP provider (normally) or yet 
another third party (why not?), and whether the connection to it is encrypted 
is the third question.  In fact, when RTP stream is already encrypted, there is 
not much left to hide, so, I guess, TURN relays mostly accept cleartext.

And the SIP connection is indeed established from you to your provider, your 
provider connects to the provider of the other party, and her provider connects 
her.  And the each of these three connections may (and ideally should) be 
encrypted by the usual TLS.  Compare it with SMTP.

> If it is latter case, this would be giving a false sense of security

Yes, it does give a false sense of security.  A user might think, that 
SDES+SRTP is a proper _end-to-end_ encryption like PGP, while itʼs not: a 
_symmetric_ cipher is negotiated through SIP server (two of them), thus SDES 
does not provide any secrecy against the owners of these servers (i. e. SIP 
providers), if they manage to intercept the ciphered RTP stream, e. g. by 
directing it via their TURN relay.  If the connection to a SIP server is 
cleartext, then there is no secrecy against an ISP.  The same applies to both 
parties.

Conclusion: whenever possible use ZRTP, which is an protocol for end-to-end 
encryption.

> A concerned Linphone user,
> Michael S. Williamson

Just a passer-by,
Dmitry Alexandrov.

Do not rely on my scribble much.


-
¹ By the way, why I cannot find you PGP key?  Itʼs not attached to your message 
per Autocrypt, neither published on open key-network represented by 
keyserver.ubuntu.com, nor on proprietary keys.openpgp.org and 
keys.mailvelope.com?  Is this a throwaway address for public mailing lists?  Or 
do not you use GPG?  If the latter, why?

signature.asc
Description: PGP signature