summaryrefslogtreecommitdiffstats
path: root/wiki/src/blueprint/VoIP_support.mdwn
blob: 841b4199f95229b38b3707f6a3ddf7791e825d94 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
Ticket: [[!tails_ticket 5709]]

**Update:** This will be resolved with the release of [Tails Server](https://tails.boum.org/blueprint/tails_server/) ([[!tails_ticket 5688]]), which will include Mumble.

We need to find out how VoIP can be usable in the context of Tails.

Preliminary testing showed
[OnionCat](http://www.cypherpunk.at/onioncat/) +
[Mumble](http://mumble.sourceforge.net/) to be a working and
relatively easy to setup Tor-enabled VoIP solution; the 1/2s - 1s
delay is only slightly annoying.

As it was pointed out in the ["Adding voip to torchat"
thread](http://archives.seul.org/or/talk/Dec-2010/msg00143.html) on
or-talk, OnionCat before r555 provides no bidirectional
authentication: the caller
has (limited) certainty to be talking to the call receiver, but the
reverse is not true. So this shall be used in combination with zRTP or
similar, unless the new unidirectional mode is good enough.

[[!toc levels=2]]

Roadmap
=======

It looks like Linphone 3.5.1 or newer has everything Tails need, so it
would be good to test it (probably with OnionCat).

The new OnionCat unidirectional mode (default since r555) should be
tested for VoIP.

Technologies
============

Encryption and authentication
-----------------------------

**Note**: these are relatively old notes that should be updated and
further researched.

On the UI side, something similar to Pidgin's OTR would be perfect.

### DTLS + SRTP

- IETF chose DTLS+SRTP over zRTP
- a PKI is needed to authenticate peers :/

### OTR

<http://google-opensource.blogspot.com/2009/09/sip-communicators-summer-of-code.html>

### SRTP2 (SIPv4)

<http://tools.ietf.org/id/draft-kaplan-sip-four-oh-00.txt>

### zRTP

User-friendly peer authentication with a voice-based "short
authentication string". How strong is this?

Conferencing
------------

### RFC 4353

[[!rfc 4353]]: three-peers SIP conferencing, using one of them as a
central mixer.

### RFC 4575

[[!rfc 4575]]: N-peers SIP conference rooms, using one of the peers as
a central mixer. One can see who is saying what.

### Mixer-to-client Audio Level Indication

- [Latest IETF draft](http://tools.ietf.org/html/draft-ivov-avt-slic-03)
as of 20110111.

A mechanism for RTP-level mixers in audio conferences to deliver
information about the audio level of the individual participants
=> helps detecting where bad noise comes from.

VoIP software
=============

**Last updated**: 20121122

Ekiga
-----

- in Debian Squeeze and Wheezy
- supposed to support zRTP... some day:
 * [[!gnomebug 335594 desc="their TODO item"]]
 * [last
   update](http://mail.gnome.org/archives/ekiga-devel-list/2009-April/msg00036.html)
   as of 200904
- supports IPv6 in 3.3.x (Debian experimental only, as of 20121129)
  but not before ([[!debbug 375056]],
  [[!gnomebug 331041 desc="upstream bug]])

Empathy
-------

- [homepage](http://live.gnome.org/Empathy)
- SIP account => insists to connect to SIP server => impossible to
  setup a p2p voice call between onioncat IPv6 addresses, at least
  without registering SIP accounts.
- cannot connect to a XMPP server running behind a hidden service (2.30.3-3)
- Link-local XMPP connection manager ([[!debpkg telepathy-salut]]
  0.5.0-3) does not support voice calls

Jingle
------

- [[!wikipedia Jingle (protocol) desc="wikipedia page"]]
- Google Talk's XMPP extension

Jitsi
-----

- (previously known as SIP Communicator)
- [homepage](http://jitsi.org/),  [[!wikipedia Jitsi desc="wikipedia page"]]
- LGPL, written in Java
- in Debian Jessie
- supports IPv6, SIP, XMPP
- supports zRTP for key negotiation, SRTP for voice encryption, and
  TLS for signaling encryption
- supports audio SIP and XMPP conference calls; what conferencing protocol?
- supports OTR for text IM
- reported to work over Tor
- we're told it supports Jingle

Linphone
--------

- [homepage](http://www.linphone.org/), [[!wikipedia Linphone desc="wikipedia page"]]
- in Debian Wheezy
- supports SIP over TCP and TLS
- supports IPv6
- supports zRTP since version 3.5.1, but it's not enabled in the
  Wheezy package ([[!debbug 671815]])
- test results: 5-10s lag but one of us was using a really bad
  Internet connection
- [successfully
  tested](https://www.whonix.org/forum/index.php/topic,407.msg3360.html#msg3360)
  over OnionCat by Whonix folks; see the "Why OnionCat + Mumble - why
  not just Mumble?" thread on tails-dev@ (August, 2014) for details.
- audio conferencing since 3.5.0

Mumble
------

- [homepage](http://mumble.sourceforge.net/), [[!wikipedia
  Mumble_(software) desc="wikipedia page"]]
- in Debian Squeeze
- primary engineering effort targeted at low-latency
- successfully tested in combination with OnionCat
- TLS and OCB-AES128; seems to depend on a PKI for peer authentication
- supports IPv6
- Tor project's (mttp and Phoul) [guide on using Mumble with
  Tor](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/Mumble)
- [Plumble](https://play.google.com/store/apps/details?id=com.morlunk.mumbleclient) is a Mumble client for Android

SFLphone
--------

- [homepage](http://www.sflphone.org/), [[!wikipedia
  SFLphone desc="wikipedia page"]]
- in Debian Squeeze and Wheezy
- SIP
- Multiple audio conferencing
- TLS and zRTP
- doesn't seem to support IPv6:
  * [task #2863](https://projects.savoirfairelinux.com/issues/2863)

Twinkle
-------

- [homepage](http://www.twinklephone.com/)
- in Debian Squeeze but it has been **removed from Wheezy**: *ROM; dead
  upstream, obsolete components (KDE3/ QT3/ libccrtp1)*.
- was included in Incognito
- supports SIP, zRTP and SRTP
- IPv6 is on the roadmap
- Qt application, but does not depend on KDE libs
- no release between 20090225 and 20110429 => asked on 20110510 for
  their plans; no answer so far
- it's the [client advised by GNU Telephony](http://www.gnutelephony.org/index.php/Secure_Call)

Zfone
-----

- [homepage](http://zfone.com/)
- allows to use zRTP on other VoIP software
- supposed to work with Ekiga
- some packages in Debian: libzrtpcpp-1.6-0, is that enough?
- last release was a public beta, out in March 2009
- license seems inadequate: according to [[!wikipedia Zfone]],
  "only the libZRTP SDK libraries are provided under the AGPL. The
  parts of Zfone that are not part of the libZRTP SDK libraries are
  not licensed under the AGPL or any other open source license.
  Although the source code of those components is published for peer
  review, they remain proprietary. The Zfone proprietary license also
  contains a time bomb provision."

homebrew
--------

- [setting up a phone line by using TOR hidden services](http://pastebin.com/raw.php?i=YBQ9vLZk)

Resources
=========

* [VoIP software comparison](https://wiki.debian.org/UnifiedCommunications/ClientSoftwareComparison)
  on the Debian wiki.
* The [SIP clients page](https://we.riseup.net/debian/sip-clients) on
  Riseup's Debian Grimoire.
* [[!tor_bug 5700]]: Make/modify VoIP applications to work better on
  Tor
* [[!tor_bug 5699]]: Make Tor able to handle VoIP applications people
  already want to use
* [Whonix about Voip](https://www.whonix.org/wiki/Voip)