You can clone with
HTTPS or Subversion.
Hey, I am checking out your system and am impressed for now. I am a lawyer and want to use the system for secure calls to my office and to my clients.
I want to know the following:
1. "Do you have to have data connection and data plan to use RedPhone and encyrpted calls?"
2. "How much data is approximally used for a 3 minute long call"
3. "What happens if the data connection is lost during the call or if data connection is not awailible, but you have securely called the number before?"
4. "What exactly is transmited to your server with mobile data during the call? The call itself, callers' certificates (keys)which are different for each call or certifficates (keys) that are the same for each call?"
To be honest, the fact that it is likely that for each "private" call my phone and recivers phone has to contact your server concerns me. In my oppinion, if this is true it could mean the single most volatile chokepoint or security issue in you system. Hope I am wrong, since I am not a computer expert.
1) You need some kind of data connection to use RedPhone. Either wifi or mobile data.
2) A 3min call should be less than 8kb of voice traffic, although the call setup is probably somewhere around 100kb.
3) If a data connection is lost, your call will drop. If the data connection is unavailable, the sender will be notified the recipient is unavailable and the recipient will be notified that they missed a call once their data connection is restored.
4) The server does not have access to the keys used to secure a call, and has no ability to decrypt the contents of a call. The only thing the server knows is who is calling who (and for how long), but can't determine anything about what they're saying. By contrast, the telco should not have trivial access to who is calling who for RedPhone calls.
The reason calls go through a server is because it is not technically possible for devices on mobile data networks to talk directly to each-other. They need an intermediary to route their traffic for them (just like all the other routers on the path from your device to the server). All the server ever sees are totally opaque packets that it shovels back and forth.