From 32097104ea5bc52060fb8a29ee27688872b73400 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Tue, 22 Mar 2016 20:03:03 +0000 Subject: [PATCH] Instructions for configuring SIP apps --- doc/EN/usage.org | 26 +++++++++ website/EN/usage.html | 120 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 145 insertions(+), 1 deletion(-) diff --git a/doc/EN/usage.org b/doc/EN/usage.org index b2a9a511..e9d68b1d 100644 --- a/doc/EN/usage.org +++ b/doc/EN/usage.org @@ -311,6 +311,32 @@ Selecting the server by pressing on it then connects you to the server so that y /Note: if you don't know the default domain name and you did a full installation then it will be the same as the wiki domain name./ ** SIP phones Freedombone also supports SIP phones The username and domain is the same as for your email address, and the SIP password and extension number will appear within the README file in your home directory. Various SIP client options are available, such as CSipSimple on Android and Jitsi on desktop or laptop machines. Ideally use clients which support ZRTP, which will provide the best level of security. +*** About ZRTP +[[https://jitsi.org/Documentation/ZrtpFAQ][ZRTP]] appears to be the current best standard to end-to-end encrypted voice calls, combining good security with simplicity of use. When the initial cryptographic negotiation between phones is done at the start of a call a short authentication string (SAS) is calculated and displayed at both ends. To check that there isn't anyone intercepting the call and acting as a /man in the middle/ - as [[https://en.wikipedia.org/wiki/Stingray_phone_tracker][stingray type devices]] try to do - the short authentication string can be read out and verbally confirmed between the callers. If it's the same then you can be pretty confident that the call is secure. +*** Using with CSIPSimple +Add an account. Under *General Wizards* choose *Expert* and enter the following details: + +| Account name | Your username | +| Account ID | sip:username@yourdomain | +| Registration URI | sip:yourdefaultdomain | +| Realm | * | +| Username | Your username | +| Data (Password) | Your SIP password | +| ZRTP Mode | Create ZRTP | + +If everything is working the account should appear in green with a status of *Registered*. +*** Using with Ring +From the menu select *Manage accounts*. + +Add an account with the following details: + +| Alias | Your full name or nickname | +| Protocol | SIP | +| Hostname | yourdefaultdomain | +| Username | Your username | +| Password | Your SIP password | + +Select the *Security* tab. Under *SRTP Key Exchange* select *ZRTP*. Unde *SRTP Preferences* select *Not supported warning* and *Display SAS Once*. * RSS Reader The way that RSS reading is set up on Freedombone gives you strong reading privacy. Not only is there onion routing between you and the server but also between the server and the source of the RSS feed. The only down side is that many RSS feeds are still http only, and so could be vulnerable to injection attacks, but it's expected that more of this will go to https in the foreseeable future due to a combination of growing recognition of security issues and systems like Let's Encrypt which make obtaining certificates much easier. diff --git a/website/EN/usage.html b/website/EN/usage.html index fae61c83..4f9743b5 100644 --- a/website/EN/usage.html +++ b/website/EN/usage.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -832,6 +832,124 @@ Selecting the server by pressing on it then connects you to the server so that y Freedombone also supports SIP phones The username and domain is the same as for your email address, and the SIP password and extension number will appear within the README file in your home directory. Various SIP client options are available, such as CSipSimple on Android and Jitsi on desktop or laptop machines. Ideally use clients which support ZRTP, which will provide the best level of security.

+
+

About ZRTP

+
+

+ZRTP appears to be the current best standard to end-to-end encrypted voice calls, combining good security with simplicity of use. When the initial cryptographic negotiation between phones is done at the start of a call a short authentication string (SAS) is calculated and displayed at both ends. To check that there isn't anyone intercepting the call and acting as a man in the middle - as stingray type devices try to do - the short authentication string can be read out and verbally confirmed between the callers. If it's the same then you can be pretty confident that the call is secure. +

+
+
+
+

Using with CSIPSimple

+
+

+Add an account. Under General Wizards choose Expert and enter the following details: +

+ + + + +++ ++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Account nameYour username
Account IDsip:username@yourdomain
Registration URIsip:yourdefaultdomain
Realm*
UsernameYour username
Data (Password)Your SIP password
ZRTP ModeCreate ZRTP
+ +

+If everything is working the account should appear in green with a status of Registered. +

+
+
+
+

Using with Ring

+
+

+From the menu select Manage accounts. +

+ +

+Add an account with the following details: +

+ + + + +++ ++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
AliasYour full name or nickname
ProtocolSIP
Hostnameyourdefaultdomain
UsernameYour username
PasswordYour SIP password
+ +

+Select the Security tab. Under SRTP Key Exchange select ZRTP. Unde SRTP Preferences select Not supported warning and Display SAS Once. +

+
+