On Mon, Apr 27, 2020 at 11:13:30AM -0400, Christopher Morrow wrote:
> (Don't have an answer, but a question or three)
>
> On Mon, Apr 27, 2020 at 10:34 AM Michael Thomas <mike@xxxxxxxx> wrote:
> >
> >
> > On 4/27/20 7:28 AM, Dave Cridland wrote:
> >
> >> Yeah, I just noticed that Zoom claims to use SIP poking around. The question is not whether it's SIP per se, but whether there will be inter-carrier anything. If there is inter-carrier, then the problem will remain, especially when it traverses an intermediary proxy.
> >
> >
> > Zoom interoperates with SIP, I think. But they used to interop via XMPP as well, and I believe they use XMPP internally. They stopped external interop with XMPP when Google and Facebook ceased to use it, I think.
> >
> > Ok, that's probably what I was seeing. I wasn't actually setting out to see if they used SIP :)
>
> So, if you set up a service (zoom, for your example here) and you
> 'guarantee' to your users that the path is encrypted (for instance),
> and you enable federation in the XMPP sense, how do you keep your
> guarantee?

XMPP has features such as OTR and OMEMO, that provide end-to-end encryption, with some effort on the user's part needed to verify.

https://en.wikipedia.org/wiki/Off-the-Record_Messaging
https://en.wikipedia.org/wiki/OMEMO

There were news reports recently that Zoom was not end-to-end encrypted. And WhatsApp and Signal's end-to-end encryption also need some effort from users to verify (authenticate) keys.

On the topic, as a long-time user of Jabber/XMPP, XMPP support was good in the instant messaging space soon after it was introduced. Proprietary messaging apps surpassed it with ease of use and multi-media messaging. WhatsApp, though late to the IM space, took off due to how it used mobile phone numbers as identity and provided a way to add pictures into the conversation. It had a functional minimal interface that just worked.
It is still mostly so now even after it added mandatory encryption and media calling features. There's almost nothing to configure and it just works.

XMPP clients (the implementations that followed the federated protocol) have had to catch up, and they have stagnated over the years one way or the other. Google Talk supported federation and attempted to have voice calling, but it languished and was killed. It could have developed the XMPP protocol and ecosystem into something resembling WhatsApp.

Today, Conversations is a great client for Android. Bitlbee is a nice IRC->XMPP proxy for old school IRC'ers. XMPP can still improve and it will survive over time over the proprietary protocols, because it is an open protocol that supports federation.

We still use XMPP and it works fine for us. I can't talk to my friends and family and communicate with local businesses without using the walled garden called WhatsApp though.

On SIP, we've had good experiences. It is possible to deploy it such that the average employee can use it without firewall/NAT issues. The ability to use a physical dedicated handset that doesn't keep changing its user-interface cannot be beat. A lot of senior members of my family dislike the "smartphone", and there's something to be learned from it. It also doesn't help that they're so fragile and slippery to hold.

We dial numeric IDs to call people, but our company's voice system is under our control. We use SIP over TLS, SRTP for media. It is not end-to-end encrypted, but it's under our administration. I've attended conferences over SIP on an Asterisk PBX for several years and it has worked fine. Why abandon a good thing?

Zoom works well, but it is also a walled garden. It has screen sharing which is a big attraction when conferencing with colleagues. Of all the times I've tried Jitsi Meet as a Zoom alternative, I've not been able to get it to work well.

I wish XMPP and SIP protocols and implementations keep evolving, add features that other current communication systems offer, and do well. They are open protocols, can be federated, and can be run internal to an organization. I've had good experiences with them.

Mukund