Is there such a way, or plugins, or methods to increase the supported type of
certificates and their strength?
What types or strengths of certificates are you wanting to use that aren't
OpenPGP + RSA/DSA w/ Elgamal + X.509's supporting 2048 and up
Mumble is using standard TLS connections and everything that's not supported
there can't be used.
Just PGP certificate compatibility
Why? We're doing connection encryption, not message encryption. These are two
entirely different systems with a different purpose and they're not compatible
in any way.
There is text-based chat inside Mumble. OpenPGP could be integrated for
It's a voice chat program, not a secure IM ... It would add tons of extra
complexity for non-core functionality and is probably not worth it.
That's the point, secure voice/text communication. OpenPGP is widely supported
for email and other communication channels as is very popular. And chat is as
core functionality as is voice. Is faster to share a long detailed piece of
information via copy/paste than trying to pronounce it out. IM functions allow
sharing strings like "269374384688945634647" a 2 second procedure instead of a
2 minute nightmare by hoping the speaking individual pronounces everything
correctly or our short term memories remember it. Also more information can be
pasted or typed faster than the human vocal cords can produce. Text based
scripture has forever been a reliable mankind asset for communication. Voice
is just wireless text limited by our muscular anatomies. Every voice software
should support chart with equal importance.
Use a server run by someone you trust to share sensitive information. The
server owner would also be able to record all voice data (and there is no easy
way to prevent that) and read the text messages etc. so adding extra
protection for just the text messages is really not useful.
I'm planning to be the admin ofcourse to protect my users/friends. Also if you
understand PGP it can be implemented in such way that there is safe exchange
between recipient and sender...even the public host/admin/ISP/provider is
malicious etc there would not be an opportunity to Man-in-the-middle and sniff
the traffic/conversation. Yes it will be effort to implement OpenPGP but it'll
be very exciting times if it does take place. I feel is just lazy to turn down
the idea because is a lot of work. If I had the programming knowledge I would
have released a fork or patches already to the dev team. Instead what I can
provide is intellectual assets in the form of comments and constructive ideas.
Overall, I feel OpenPGP or stronger forms of custom encryption should be
supported on Mumble to keep up that open-source and private environment Mumble
aims to provide.
Also, for X.509 if supported...it would be nice if it allowed 2048 and higher.
I have yet to test this
You can use pretty much any key size that is allowed by TLSv1, and that
doesn't impose a limit AFAICT, so you're welcome to use 4096-bit keys. I also
successfully used EC-based certificates, which by the way are the polite way
of increasing security since they put much less strain on the server.
Having end-to-end encryption support is really out of scope for a realtime
point-to-multipoint system. If you need secure text chat, use XMPP which
already specifies support in XEP-0027.
@ngollan: Thank you very much for the insight
which public/private key scheme is used to authenticate the user currently on
mumble? is it PGP?
Would a 4096 bit key decrease performance/bandwidth or just login delay when
Also, isn't RSA/DSA stronger then EC?
The key size would just slow down the initial connection attempt, after
authorisation is through the whole thing runs on symmetric AES anyway.
Elliptic curve crypto needs smaller keys to provide the same "strength" as
natural prime based algorithms, so it's effectively (a lot) faster than those.