Ringing In Change

Ring [1] is a GNU communication project started by Savoir-faire Linux [2]. Based in Montreal, Savoir-faire Linux was founded in the late 1990s, when the possibilities of free software were first being widely recognized. "Our bet was that open source software would become a key player of the world's digital economy and that organizations that wouldn't be open source experts would need partners like us," says the Ring team. The bet paid off, and today Savoir-faire employs a multidiscipline team of 150 employees, working with "tools ranging from Red Hat to the Azure cloud" and designing products on every level, from kernel hacking to application and mobile development. In addition to Ring, the company contributes to a wide range of projects, including the Linux kernel, FFmpeg, Debian, Buildroot, and Eclipse.

What makes Ring stand out as a telephony solution is its attention to cutting edge security techniques. Ring as a whole depends on OpenDHT [3], a library developed by Savoir-faire that is similar to the distributed hash table (DHT) used by BitTorrent to find peers sharing a file on a network. Each installation of Ring runs its own DHT node, so users connect peer to peer and control their own accounts and identities; damage to systems from denial of service attacks and natural disaster is therefore contained rather than affecting the entire network.

Ring identifies users via their RSA public key, with control of an account defined by control over a particular private key. Different devices connected to the same account are associated with an x509 certificate chain [4], with each device assigned a new key and certificate pair signed using the main Ring account's private key. The certificate chain is verified each time a device is used to prevent man-in-the-middle attacks.

[...]