relyt29
commented
8 years ago just curious, what is SAS?
Open xmikos opened 8 years ago
relyt29
commented
8 years ago just curious, what is SAS?
xmikos
commented
8 years ago @f41c0r SAS is Short Authentication String, shared value (those two words displayed on screen while calling with RedPhone/Signal) which both communicating parties should verbally cross-check. With key continuity, it is sufficient to cross-check SAS only in first call (TOFU model - Trust On First Use). But without key continuity, you have to cross-check SAS in every call to avoid potential MITM attack.
h-2
commented
8 years ago I think it would be wise to keep the diff of the websocket-branch absolutely minimal as long as there is a chance of it being merged upstream. Iff this can be ruled out, one should think about a real fork (with potentially different features).
xmikos
commented
8 years ago @h-2 This is really important basic security feature, without it even cSipSimple (or any other SIP client which supports ZRTP) is much more secure than Signal.
h-2
commented
8 years ago @xmikos the other thread suggests that it might be a temporary change. Also I think that as long as we want something from moxie (i.e. to accept the patch) we should not pick other fights with him. Its not very polite or smart ;) We can discuss it afterwards, and ultimately we would want the feature to be active for mainline TS users, as well.
xmikos
commented
8 years ago @h-2 I surely hope that it is only temporary while Signal is in beta. But Moxie didn't write anything to assure us that it is indeed like that. Btw. I don't believe anymore that WebSocket support will ever get merged upstream.
One of key security features of ZRTP encrypted phone calls - key continuity - has been removed from RedPhone when it has been integrated into Signal. See this issue for more info:
#4226: No warning when getting a call from contact with new key
Moxie closed it without explanation why it has been removed (with simple "yes you have to verify the sas every time").
Would you agree to reimplement it (well, it seems to be only commented out in the code, so it shouldn't be that hard) in your WebSocket fork? I can look into it when I get time if you are interested in it.