CA11 - Free & Secure Internet Telephony

CA11 is a generic, open cross-platform communication tool(video, audio & data) for web(desktop) that aims to fill the gap between SIP/VoIP and proprietary communication services like Whatsapp & Signal. Its strategy is to first have a web implementation for Desktop, which can be rapidly developed using established API’s (WebRTC) and limited resources. Ultimately, the goal is to have both a web-version and a separate implementation for FOSS phones like the Librem 5 and the Pinephone.

CA11 has an abstraction for phone calls, which allows it to deal with multiple signalling protocols. Currently, it supports SIP and SIG11 signalling. The SIP implementation is being developed against a recent Asterisk build and volatile user accounts. SIG11(WiP) signalling relies on locally generated public key identities (WebCrypto). Matrix signalling is considered to be an extra candidate, since that is the signalling protocol of choice for the Librem phone app.

With SIG11, Calling in to a number is a bit like SSH’ing to an unknown domain. A user first needs to trust the public key through a handshake, before a call is made. The number is like a domain, but doesn’t have to be unique. This p2p calls with CA11 accessible, portable and privacy-friendly, since all signalling data is e2e encrypted. Just pick any number(or name) and be reachable instantly, or call any other number on the fly.

The CA11 project could use some help. Feel free to contact me if you have any questions. Some more info about the project:




Hey @jvanveen, thanks for posting this, going by your description it sounds very interesting. Could you expand on what type of contributions you’re looking for? Design? Documentation? Architectural decision making? Maybe there’s someone out there with those skills who’s willing and able to help you out.

p.s. the certificate for the domains linked on GitHub is expired.

Hey @RubenHoms, thanks for your response! I think the project could use help on all these topics, but for now the most obvious step would be to have something up-and-running asap and receive some user feedback (issues, feature requests, questions). This would make it easier to retain some focus in the project. I’ll try to make some time this week to have up again. Would love to hear some feedback then!

Was just looking through the repositories again and a question came to mind. You’re talking about supporting the SIG11 protocol, but it seems this is a protocol you’ve developed from scratch? If so, what are the goals of this protocol, what problem does it solve? Also I’m just curious why you’ve decided to go with a homebrewn protocol over the huge pool of ‘standardized’ protocols already out there.

Glad you ask! SIG11 is just a thin library that uses the browser’s WebCrypto API. It allows the browser softphone to easily generate its own identity and do a handshake(ECDHE) using existing browser crypto APIs. The public key is the user’s identification on the network. Parties use it to identify each other over an untrusted signalling network and to establish an encrypted communication channel(AES).

The goal is to have a fully open signalling service on the web, where the public key is the identifier to call each other. A trust provider or lookup service could later be used to match a public key with other identifiers (like phonenumber/name/email), but that’s something for later. The main goal for now is to have a MVP implementation that can be used for CA11’s call handling. The current state is that the handshake can be done, the signalling messages for a WebRTC are exchanged securely and a basic (video)call can be made. There are still some signalling message types left that need to be implemented.

There is no need for something like SIG11 anymore when a WebRTC connection is made, since DataChannels are a much efficient/practical way to exchange data once the connection is made. So, its purpose is mainly to be an open signalling broker/decentralized telephony network. I’ve considered a couple of other libraries over the time, but I found WebCrypto to be the most straightforward way to use crypto in the browser. Because the implementation is simple, it is quite easy to make changes to it and to adapt quickly for this particular usecase.

1 Like

Thanks for the explanation, that cleared some things up for me. Coincidentally I had a similar discussion with @aswath a while ago. He has been working/thinking about similar technology for about 13 years so maybe he’s able to chip in with some of the things you’re struggling with.

Also you might be able to look at how he’s trying to solve identity issues with a lookup service that uses IndieAuth. There’s some good learning in what he’s doing in my opinion.

Have a look at this topic maybe there’s something in it for you.

Interesting. I’ll read up about that. I’ve been trying yesterday and today to make it more straightforward to use CA11 with a docker-compose config(work in progress =>

I am not sure that I understand fully the ideas behind CA11. So my comments here may be out of order.

One advantage of using Indieauth is that, the ID, where it is hosted and who can authenticate it can be separate. PGP is one of the ways of authenticating one’s ID.

A WebRTC-based system does not have to worry about federation issues and interworking of protocols, since the initiator of a session contacts other’s server directly instead of going through own server.

A WebRTC-based system does not have to worry about federation issues and interworking of protocols, since the initiator of a session contacts other’s server directly instead of going through own server.

I’m not sure yet how something like OAuth/Indieauth fits in CA11’s design, but I think it could be a useful method to have some form of identity persistency as a service.

By the way, I updated the docs which should end up with a rudimentary version of CA11 running with an Asterisk/Coturn/MariaDB stack. Anyone interested to try it and let me know what works and what doesn’t?

1 Like

Sure I’ll give it a go. I see that the CA11 website is up-and-running again, nice. Are the install instructions on the GitHub repo enough for me to try?

I updated the install instructions, but saw there are some packaging issues while following the manual myself. Moved everything to a Lerna repo, but broke everything while doing so :slight_smile:
This friday I’ll probably have the time to fix it properly.


No problem, give me a poke when I can try it :ok_hand:

It’s still in a PoC state, so don’t expect too much, but I think the installation instructions are quite accurate now for power-users:

I installed an instance on (chrom(e/ium) only for now)

What should work:

  • SIP test calls from contacts
  • Screen recording

What might work:

  • SIP Conference (2222)

What doesn’t work:

  • SIG11 calls (WIP)
  • SIP call from dialer (middle of a refactor)

Lots of broken stuff, but the good news is that the whole stack has become a lot simpler to work on.

Some changes:

  • Switched to PostgreSQL
  • Default is to use audio, so the demo should work even if a user doesn’t have a webcam

I had a go with ca11 and must say I’m impressed with the efforts already put into it. Though there are some bugs, which are expected in a PoC state, I think it’s looking really good for a first version. All the basic functionality worked for me and the setup process wasn’t too difficult when following the README.

Overall great effort and love to see these different webphone implementations hitting the open source scene. Have you looked at linphone for example? They seem to have a very polished product which is open sourced under the GPL license. Though they do dual-license with a paid for proprietary version which has support included.

Yes, I use linphone on my tablet to test the Asterisk service. WebRTC-only libraries like may also be interesting to build a light-weight/native app, but I’m not sure how that would work with something like QT/Kirigami.

I’m a big fan of your project @jvanveen I can see a lot of thought and effort has been put into it. I was thinking that maybe we could put ca11 on our projects page? I’ve got the site setup on GitHub so a simple pull request should be enough if you’re interested :smiley:

If you want we could even host it under the Open VoIP Alliance organization on GitHub. Of course we’d need to make it very clear that it was made by you/garage11 in the README, I’m not out to steal your thunder. I just think we can both benefit from some exposure and that this could be a way to achieve that. :slight_smile:

Let me know what you think!