Ticket: [[!tails_ticket 5709]] We need to find out how VoIP can be usable in the context of Tails. Preliminary testing showed [OnionCat](http://www.cypherpunk.at/onioncat/) + [Mumble](http://mumble.sourceforge.net/) to be a working and relatively easy to setup Tor-enabled VoIP solution; the 1/2s - 1s delay is only slightly annoying. As it was pointed out in the ["Adding voip to torchat" thread](http://archives.seul.org/or/talk/Dec-2010/msg00143.html) on or-talk, OnionCat before r555 provides no bidirectional authentication: the caller has (limited) certainty to be talking to the call receiver, but the reverse is not true. So this shall be used in combination with zRTP or similar, unless the new unidirectional mode is good enough. [[!toc levels=2]] Roadmap ======= It looks like Linphone 3.5.1 or newer has everything Tails need, so it would be good to test it (probably with OnionCat). The new OnionCat unidirectional mode (default since r555) should be tested for VoIP. Technologies ============ Encryption and authentication ----------------------------- **Note**: these are relatively old notes that should be updated and further researched. On the UI side, something similar to Pidgin's OTR would be perfect. ### DTLS + SRTP - IETF chose DTLS+SRTP over zRTP - a PKI is needed to authenticate peers :/ ### OTR <http://google-opensource.blogspot.com/2009/09/sip-communicators-summer-of-code.html> ### SRTP2 (SIPv4) <http://tools.ietf.org/id/draft-kaplan-sip-four-oh-00.txt> ### zRTP User-friendly peer authentication with a voice-based "short authentication string". How strong is this? Conferencing ------------ ### RFC 4353 [[!rfc 4353]]: three-peers SIP conferencing, using one of them as a central mixer. ### RFC 4575 [[!rfc 4575]]: N-peers SIP conference rooms, using one of the peers as a central mixer. One can see who is saying what. ### Mixer-to-client Audio Level Indication - [Latest IETF draft](http://tools.ietf.org/html/draft-ivov-avt-slic-03) as of 20110111. A mechanism for RTP-level mixers in audio conferences to deliver information about the audio level of the individual participants => helps detecting where bad noise comes from. VoIP software ============= **Last updated**: 20121122 Ekiga ----- - in Debian Squeeze and Wheezy - supposed to support zRTP... some day: * [their TODO item](https://bugzilla.gnome.org/show_bug.cgi?id=335594) * [last update](http://mail.gnome.org/archives/ekiga-devel-list/2009-April/msg00036.html) as of 200904 - supports IPv6 in 3.3.x (Debian experimental only, as of 20121129) but not before ([[!debbug 375056]], [upstream bug](https://bugzilla.gnome.org/show_bug.cgi?id=331041)) Empathy ------- - [homepage](http://live.gnome.org/Empathy) - SIP account => insists to connect to SIP server => impossible to setup a p2p voice call between onioncat IPv6 addresses, at least without registering SIP accounts. - cannot connect to a XMPP server running behind a hidden service (2.30.3-3) - Link-local XMPP connection manager ([[!debpkg telepathy-salut]] 0.5.0-3) does not support voice calls Jingle ------ - [[!wikipedia Jingle (protocol) desc="wikipedia page"]] - Google Talk's XMPP extension Jitsi ----- - (previously known as SIP Communicator) - [homepage](http://jitsi.org/), [[!wikipedia Jitsi desc="wikipedia page"]] - LGPL, written in Java - in Debian Jessie - supports IPv6, SIP, XMPP - supports zRTP for key negotiation, SRTP for voice encryption, and TLS for signaling encryption - supports audio SIP and XMPP conference calls; what conferencing protocol? - supports OTR for text IM - reported to work over Tor - we're told it supports Jingle Linphone -------- - [homepage](http://www.linphone.org/), [[!wikipedia Linphone desc="wikipedia page"]] - in Debian Squeeze and Wheezy - supports SIP over TCP and TLS - supports IPv6 - supports zRTP since version 3.5.1. Unfortunately, this is only available in Debian experimental at the moment, see [[!debbug 671815]]. - test results: 5-10s lag but one of us was using a really bad Internet connection - audio conferencing since 3.5.0 Mumble ------ - [homepage](http://mumble.sourceforge.net/), [[!wikipedia Mumble_(software) desc="wikipedia page"]] - in Debian Squeeze - primary engineering effort targeted at low-latency - successfully tested in combination with OnionCat - TLS and OCB-AES128; seems to depend on a PKI for peer authentication - supports IPv6 - Tor project's (mttp and Phoul) [guide on using Mumble with Tor](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/Mumble) SFLphone -------- - [homepage](http://www.sflphone.org/), [[!wikipedia SFLphone desc="wikipedia page"]] - in Debian Squeeze and Wheezy - SIP - Multiple audio conferencing - TLS and zRTP - doesn't seem to support IPv6: * [task #2863](https://projects.savoirfairelinux.com/issues/2863) Twinkle ------- - [homepage](http://www.twinklephone.com/) - in Debian Squeeze but it has been **removed from Wheezy**: *ROM; dead upstream, obsolete components (KDE3/ QT3/ libccrtp1)*. - was included in Incognito - supports SIP, zRTP and SRTP - IPv6 is on the roadmap - Qt application, but does not depend on KDE libs - no release between 20090225 and 20110429 => asked on 20110510 for their plans; no answer so far - it's the [client advised by GNU Telephony](http://www.gnutelephony.org/index.php/Secure_Call) Zfone ----- - [homepage](http://zfone.com/) - allows to use zRTP on other VoIP software - supposed to work with Ekiga - some packages in Debian: libzrtpcpp-1.6-0, is that enough? - last release was a public beta, out in March 2009 - license seems inadequate: according to [[!wikipedia Zfone]], "only the libZRTP SDK libraries are provided under the AGPL. The parts of Zfone that are not part of the libZRTP SDK libraries are not licensed under the AGPL or any other open source license. Although the source code of those components is published for peer review, they remain proprietary. The Zfone proprietary license also contains a time bomb provision." homebrew -------- - [setting up a phone line by using TOR hidden services](http://pastebin.com/raw.php?i=YBQ9vLZk) Resources ========= * [VoIP software comparison](https://wiki.debian.org/UnifiedCommunications/ClientSoftwareComparison) on the Debian wiki. * The [SIP clients page](https://we.riseup.net/debian/sip-clients) on Riseup's Debian Grimoire. * [[!tor_bug 5700]]: Make/modify VoIP applications to work better on Tor * [[!tor_bug 5699]]: Make Tor able to handle VoIP applications people already want to use * [Whonix about Voip](https://www.whonix.org/wiki/Voip)

Optional description of this change:
FormattingHelp Attachments