-
Licaon_Kter
Regarding the Dino AV news, the calls can be "OMEMO verified" ( https://github.com/iNPUTmice/talks/blob/master/2021_03_19_-verify_av_calls_with_omemo.md ) not "omemo encrypted" They are encrypted end-te-end with DTLS-SRTP though. Right?
-
wurstsalat
Licaon_Kter, it's what dino devs write in their fosstodon toot. but I think you're right
-
emus (XSF Com. Team)
Licaon_Kter: is this from a talk?
-
Licaon_Kter
In the pad
-
Licaon_Kter
emus (XSF Com. Team): yes, it was in a talk, we covered it
-
emus (XSF Com. Team)
ok
-
Licaon_Kter
larma of Dino > well, technicappy they are AES encrypted. SRTP is just a set of rules how to AES encrypt RTP payloads. DTLS is a handshake protocol which has a profile to use it to derive SRTP secrets known as DTLS-SRTP. DTLS like normal TLS needs to somehow verify the identity of the peer to protect against MITM. As XMPP clients typically don't have a certificate from a trusted CA (which is how it typically works for TLS in HTTPS use cases), we share the fingerprint of our public key via XMPP. In case of OMEMO encrypted calls, this fingerprint is encrypted the same way as OMEMO encrypted messages. Which again is technically AES using a secret key that is basically derived from two Curve25519 points using a chain of cryptographic operations. > So, tl;dr: OMEMO encrypted calls and OMEMO encrypted messages use the same "source" to securely derive AES secrets that are used to do the actual encryption. Calls just have a few more intermediary steps. If it's accurate to say we encrypt messages with OMEMO, the same holds for calls.