My last post described the best way I've found to set up a secure P2P
authenticated VoIP call on your Android handset. I endorsed the Ekiga free SIP
service to be your registrar for your unique SIP address. Since the registrar is
the central database to look up other users, there is a case to bring this
service into your control, rather than to depend on a third party.
This is not a trivial task, since it requires server infrastructure and an
esoteric configuration process. It also requires routine maintenance and security
updates to ensure the registrar is available when any user (including yourself)
wants to contact another.
There are three major applications that offer a SIP registration service. They
vary in complexity and user community. They also have a wide variation of ZRTP
support. Since ZRTP is a P2P authentication protocol, a middle man like these
applications does not have to get in the way; it just has to pass along the
correct signalling information so the peers can move on to the encryption key exchange.
Asterisk
Asterisk is the most mature application for SIP services, though it is far more
complicated than the others. It has a GPL license and a large user community.
There is an industry conference dedicated to service
providers and developers. Asterisk also carries a dual license to legally use it
with commercial support and distribution. It has been built to run
on a wide range of hardware, from huge multi-core server systems to tiny
embedded computers.
Asterisk requires a patch to
support ZRTP (note: this is more than a patch; weighing in at 9.9MB, it is
more like an upgrade to the application, including a binary modification to the proprietary
build). This is because Asterisk can also
handle media, such as an RTP stream, which is where the ZRTP
key exchange happens. It's not that Asterisk doesn't support ZRTP, it's that
Asterisk mangles the ZRTP information before it can get to the peers. Unpatched,
this means an encryption key exchange is not possible.
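One way to check this behaviour from packet captures taken on both sides of a server, as an added example that is not part of the original post or of any of these projects. It tells ZRTP packets from RTP by the header layout in RFC 6189 and lists the ZRTP messages one peer sent that never reached the other; the sample packets are constructed and the function names are illustrative.

```python
import struct

ZRTP_MAGIC = 0x5A525450     # "ZRTP" cookie, sits where RTP carries its timestamp
ZRTP_PREAMBLE = 0x505A      # first 16 bits of every ZRTP message

def classify(payload: bytes):
    """Return ("rtp", payload_type), ("zrtp", message_type) or ("other", None)."""
    if len(payload) < 12:
        return ("other", None)
    first, second, _seq, cookie, _ssrc = struct.unpack("!BBHII", payload[:12])
    if first >> 6 == 2:                       # RTP version 2
        return ("rtp", second & 0x7F)
    # ZRTP: top four bits 0001, magic cookie, then preamble + length + 8-byte type
    if first >> 4 == 1 and cookie == ZRTP_MAGIC and len(payload) >= 28:
        preamble, _words = struct.unpack("!HH", payload[12:16])
        if preamble == ZRTP_PREAMBLE:
            return ("zrtp", payload[16:24].decode("ascii", "replace").rstrip())
    return ("other", None)

def zrtp_messages(packets):
    return [kind for proto, kind in map(classify, packets) if proto == "zrtp"]

def lost_in_relay(sent, received):
    """ZRTP message types one peer sent that never show up on the far leg."""
    arrived = set(zrtp_messages(received))
    return [m for m in zrtp_messages(sent) if m not in arrived]

# --- constructed sample traffic (not a real capture) ---
def make_zrtp(seq, ssrc, msg_type):
    # Stripped-down packet: header, 3-word message, zeroed CRC (CRC is not checked here)
    header = struct.pack("!BBHII", 0x10, 0, seq, ZRTP_MAGIC, ssrc)
    message = struct.pack("!HH", ZRTP_PREAMBLE, 3) + msg_type.ljust(8).encode("ascii")
    return header + message + b"\x00" * 4

def make_rtp(seq, ssrc):
    return struct.pack("!BBHII", 0x80, 0, seq, seq * 160, ssrc) + b"\xff" * 160

SENT = [make_zrtp(1, 0xAAAA, "Hello"), make_rtp(100, 0xAAAA), make_zrtp(2, 0xAAAA, "Commit")]
PASSED_THROUGH = list(SENT)                   # relay forwards every packet untouched
REWRITTEN = [make_rtp(7, 0xBBBB)]             # relay re-originates audio only

if __name__ == "__main__":
    print("pass-through relay lost:", lost_in_relay(SENT, PASSED_THROUGH))
    print("media-handling relay lost:", lost_in_relay(SENT, REWRITTEN))
```

An empty result means every ZRTP message type seen leaving one peer was also seen arriving at the other; it does not confirm the packets arrived unmodified, since the CRC is not verified.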
Freeswitch
Freeswitch is similar to Asterisk in functionality, but only carries an MPL
license so it may be redistributed commercially without purchasing commercial
support. It has a large user community and also
has an industry conference
for operators and developers.
Much like Asterisk, Freeswitch handles media so it requires a modification to the source tree to
support ZRTP. The process differs in that the source code to call ZRTP functions
is present in the code base, but if you don't compile it with the
option to link to Philip Zimmermann's libzrtp, these functions will be ignored.
Each process to enable ZRTP for these two applications presents a licensing quagmire, so I chose to stop looking into
Freeswitch and Asterisk until the library for ZRTP support may be freely distributed along
with the rest of the source code. The Freeswitch community is in the negotiation process
with Mr. Zimmermann to include this library.
GNU Sipwitch
GNU Sipwitch is a much newer
project and therefore has fewer features than the other two
applications. It also has a GPL license. Two points! In our case, fewer features
is better since all we need is a SIP registration service. Sipwitch solves this
problem well, though I'll describe some trouble I had in practice later.
Because of its simplicity, I chose Sipwitch as my registration service. The
documentation is sparse, and it took me a few days of trial and error, coupled
with my past experience debugging the SIP protocol, to figure out how to alter the default configuration to allow registered
users to call each other.
I'm holding off on a tutorial in this article since I'm in the process of debugging
a media transport error between two calls made with Sipwitch. Expect a simple
process to set up a server in a cloud environment with Sipwitch in the coming
week.
Written on
2012-01-17 07:36:48 UTC