[GnomeMeeting-list] Re: GnomeMeeting and encryption



Damien Sandras wrote:
Hi,

On Thursday 12 May 2005 at 09:52 -0400, Andrew Archibald wrote:

Hi,

I couldn't find this information in the FAQ, and there's just some vague references in years-old mailing list postings so:



I'm cc'ing the mailing list so that your new post about the topic gets
indexed :)

Thank you!  Hopefully others will answer as well...

Is there any encryption in GnomeMeeting? Or is my conversation being sent across the open internet unencrypted? Is there any user-level


It is sent unencrypted. However, you can set up a VPN at the kernel-level
to allow encryption if you require it.

This is not really a useful solution, any more than a VPN is an alternative to PGP for email. Unless I know what machine the other person is at and we both have root access and there are no problematic NATs or firewalls and no relays are required and I successfully VPN all the connections needed - RTP, RTCP, SIP, some random collection of H.323 kinds of traffic - that's not going to help. And I doubt anyone has ever successfully done this. Far easier to use the ancient creaking speakfreely with its own protocol. Not that that is easy!

There's no reason this should be any harder on the user than SSH (or even PGP). Of course, it seems that the standardized protocols bury their encryption specs under a morass of documents.

authentication? That is, do I have any assurance that the person I think I'm talking to is actually at the other end?

If you are using a gatekeeper with authentication, then you will be sure
to talk to the right person thanks to H.235 authentication.

What does this actually mean? Who is authenticating what fact and on whose authority?

What I mean is: If I get a PGP mail from someone and the signature is okay, I can trust that it is unmodified as sent by the owner of the secret key that made the signature. If I have a web of trust connection to the owner, then I can be pretty confident that it's really who I think it is; if not, at least I can be confident that no new problems have arisen after the first connection (since I keep the public key and don't allow substitutions after the first message).

What does a "gatekeeper with authentication" certify?

However, in general, his voice or his video stream will allow you to
determine it too.

Well, it determines that someone who sounds like that was involved in the connection somehow, although for all I know I might be seeing footage recorded long ago and pieced together, or it might be being relayed through somebody who can substitute in archival footage when appropriate (changing a "yes" for a "no", accompanied by a dropped frame or two of video, say).

I'm not really trying to be difficult, but there's really no reason this should be much harder than SSH or PGP for the software authors either - I actually wrote a working VoIP application with that kind of security a couple years ago. Not standards-based and not with a decent UI, so not really useful, but it shows the problem is solvable. If it weren't for the standards.

Thanks,
Andrew
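
The keep-the-key-after-first-contact rule described in the message above (the SSH and PGP model), as an added Python example that is not part of the original post or of GnomeMeeting's code. The `PinStore` class, the `known_peers.json` file name and the sample key bytes are assumptions made for illustration; proving that the peer holds the matching private key is assumed to happen during call setup and is not shown.

```python
import hashlib
import hmac
import json
from pathlib import Path


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the peer's raw public-key bytes."""
    return hashlib.sha256(public_key).hexdigest()


class PinStore:
    """Remembers one key fingerprint per peer, like SSH's known_hosts."""

    def __init__(self, path: Path):
        self.path = path
        self.pins = json.loads(path.read_text()) if path.exists() else {}

    def check(self, peer: str, public_key: bytes) -> str:
        """Return 'first-contact', 'match' or 'mismatch' for this peer's key."""
        seen = fingerprint(public_key)
        pinned = self.pins.get(peer)
        if pinned is None:
            # First contact: nothing vouches for the key yet, so pin it and
            # let the caller show the fingerprint for out-of-band checking.
            self.pins[peer] = seen
            self.path.write_text(json.dumps(self.pins, indent=2))
            return "first-contact"
        # Later contacts: a different key is never silently accepted.
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "mismatch"


def demo(workdir: Path) -> list:
    """Run three constructed call attempts against a fresh pin file."""
    store = PinStore(workdir / "known_peers.json")
    alice_key = b"constructed-sample-key-A"    # placeholder bytes, not a real key
    substitute = b"constructed-sample-key-B"   # what a relay might present instead
    return [
        store.check("alice@example.org", alice_key),
        store.check("alice@example.org", alice_key),
        store.check("alice@example.org", substitute),
    ]


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(demo(Path(d)))
```

A `mismatch` result leaves the original pin in place, so accepting a changed key requires a deliberate action by the user rather than happening on the next call.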



