[GnomeMeeting-list] Re: GnomeMeeting and encryption

Damien Sandras wrote:

Le jeudi 12 mai 2005 à 09:52 -0400, Andrew Archibald a écrit :


I couldn't find this information in the FAQ, and there's just some vague references in years-old mailing list postings so:

I'm cc'ing the mailing list so that your new post about the topic gets
indexed :)

Thank you!  Hopefully others will answer as well...

Is there any encryption in GnomeMeeting? Or is my conversation being sent across the open internet unencrypted? Is there any user-level

It is sent unencrypted. However, you can setup a VPN at the kernel-level
to allow encryption if you require it.

This is not really a useful solution, any more than a VPN is an alternative to PGP for email. Unless I know what machine the other person is at and we both have root access and there are no problematic NATs or firewalls and no relays are required and I successfully VPN all the connections needed - RTP, RTCP, SIP, some random collection of H.323 kinds of traffic - that's not going to help. And I doubt anyone has ever successfully done this. Far easier to use the ancient creaking speakfreely with its own protocol. Not that that is easy!

There's no reason this should be any harder on the user than SSH (or even PGP). Of course, it seems that the standardized protocols bury their encryuption specs under a morass of documents.

authrntication? That is, do I have any assurance that the person I think I'm talking to is actually at the other end?

If you are using a gatekeeper with authentication, then you will be sure
to talk to the right person thanks to H.235 authentication.

What does this actually mean? Who is authenticating what fact and on whose authority?

What I mean is: If I get a PGP mail from someone and the signature is okay, I can trust that it is unmodified as sent by the owner of the secret key that made the signature. If I have a web of trust connection to the owner, then I can be pretty confident that it's really who I think it is; if not, at least I can be confident that no new problems have arisen after the first connection (since I keep the public key and don't allow substitutions after the first message).

What does a "gatekeepr with authentication" certify?

However, in general, his voice or his video stream will allow you to
determine it too.

Well, it determines that someone who sounds like that was involved in the connection somehow, although for all I know I might be seeing footage recorded long ago and pieced together, or it might be being relayed through somebody who can substitute in archival footage when appropriate (changing a "yes" for a "no", accompanied by a dropped frame or two of video, say).

I'm not really trying to be difficult, but there's really no reason this shouldbe much harder than SSH or PGP for the software authors either - I actually wrote a working VoIP application with that kind of security a couple years ago. Not standards-based and not with a decent UI, so not really useful, but it shows the problem is solvable. If it weren't for the standards.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]