[Freeswitch-users] zrtp endpoints have different sas through fs 1.0.4

Harondel J. Sibble help at pdscc.com
Sun Aug 23 14:37:47 PDT 2009


I've got 1.0.4 running with ZRTP on Ubuntu 9.0.4. I have 3 ZRTP-capable 
endpoints: an XP desktop running Ekiga with the 0.92 build 218 Zfone client, 
and 2 cell phones running ver 2.0.5 of the Tivi softphone: a Nokia E61i 
(Symbian S60) and an O2 Xda Flame (Windows Mobile 5).

All 3 endpoints are registered with FS using the default extensions of 
1000-1003.

With global_setvar zrtp_secure_media=true the ZRTP negotiation between 
endpoints happens but the SAS never matches. Below is console output for a 
call between 2 of the endpoints:


2009-08-23 14:10:17.643073 [NOTICE] mod_sofia.c:1509 Pre-Answer 
sofia/internal/1003 at 10.12.13.45!
2009-08-23 14:10:21.257568 [NOTICE] sofia.c:3794 Channel 
[sofia/internal/sip:1000 at 10.12.13.166:5062] has been answered
2009-08-23 14:10:21.275521 [NOTICE] switch_ivr_originate.c:2015 Channel 
[sofia/internal/1003 at 10.12.13.45] has been answered
2009-08-23 14:10:22.232053 [WARNING] mod_sofia.c:810 We were told to use 
ptime 20 but what they meant to say was 80
This issue has so far been identified to happen on the following broken 
platforms/devices:
Linksys/Sipura aka Cisco
ShoreTel
Sonus/L3
We will try to fix it but some of the devices on this list are so broken who 
knows what will happen..
2009-08-23 14:11:34.496118 [NOTICE] sofia.c:322 Hangup 
sofia/internal/sip:1000 at 10.12.13.166:5062 [CS_EXCHANGE_MEDIA] 
[NORMAL_CLEARING]
2009-08-23 14:11:34.512100 [NOTICE] switch_ivr_bridge.c:1016 Hangup 
sofia/internal/1003 at 10.12.13.45 [CS_EXECUTE] [NORMAL_CLEARING]
2009-08-23 14:11:34.552158 [NOTICE] switch_core_session.c:1086 Session 16 
(sofia/internal/sip:1000 at 10.12.13.166:5062) Ended
2009-08-23 14:11:34.552158 [NOTICE] switch_core_session.c:1088 Close Channel 
sofia/internal/sip:1000 at 10.12.13.166:5062 [CS_DESTROY]
2009-08-23 14:11:34.556441 [NOTICE] switch_core_session.c:1086 Session 15 
(sofia/internal/1003 at 10.12.13.45) Ended
2009-08-23 14:11:34.556441 [NOTICE] switch_core_session.c:1088 Close Channel 
sofia/internal/1003 at 10.12.13.45 [CS_DESTROY]

Of note, with the endpoints registered through the Ekiga SIP server, the SAS 
DOES match on both ends.

With global_setvar zrtp_secure_media=false, the endpoints can't detect a ZRTP 
peer.

Reading the list archives hasn't enlightened me.

I see this comment from 2008:

http://www.nabble.com/Freeswitch-and-Twinkle-and-ZRTP-td18518140.html#a18518343

    On Jul 17, 2008, at 4:23 PM, Michael Jerris wrote:

    > it should in bypass_media or proxy_media modes.  in the other modes we
    > are in the media path and would not know how to handle the encrypted
    > packets.
    >
    > Mike

Is this still relevant? Or is there some other setting not covered here

http://wiki.freeswitch.org/wiki/ZRTP

to make this work properly? I ask firstly about this in the context of a 
peer-to-peer ZRTP communication between the endpoints, then secondly in the 
case of FS acting as a trusted middleman, as in section 2 here:

http://www.zfoneproject.com/docs/asterisk/man/html/u_guide.html#passthrough

Lastly, how does one implement the security enrollment as noted above with FS?
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice)




