[Asterisk-code-review] res_pjsip_sdp_rtp: Fix issue with optimistic encryption & DTLS (asterisk[13])

Joshua Elson asteriskteam at digium.com
Mon Jan 9 15:27:06 CST 2017


Joshua Elson has posted comments on this change. ( https://gerrit.asterisk.org/4701 )

Change subject: res_pjsip_sdp_rtp: Fix issue with optimistic encryption & DTLS
......................................................................


Patch Set 1:

Joshua, the change is definitely incomplete in the sense you mention, but I'm not 100% sure we would want to make the change when Asterisk is in the position of offeror.

To do this, we would probably need to expose additional knobs. Per the spec you reference, a proper Opportunistic SRTP implementation would require attaching BOTH crypto and fingerprint attributes to the initial SDP offer in all cases, which has had poor real-world compatibility results with endpoints. Practically speaking, you may need to support an opportunistic offer type option of some sort there to only offer SDES or DTLS rather than both (something like: media_encryption_optimistic_sdes or media_encryption_optimistic_dtls). We then need to address whether the media_encryption setting would play into this at all. Seems a little inelegant.

What seems like more of a defect here (possibly because it's breaking my current use case :) ) is with media_encryption=sdes, and media_encryption_optimistic=yes, an offer to Asterisk including the DTLS fingerprint is returned with the crypto attribute, which breaks any endpoints which require compatibility with both DTLS and SDES. This patch at least resolves that compatibility issue and behaves in a true "optimistic" sense.

If the preference here is for Asterisk offeror code to be changed, I can do that... just want to make sure that's the team's preferred direction.

-- 
To view, visit https://gerrit.asterisk.org/4701
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I880a2cf4611012babe316146d8ce25e77b62e8f2
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Joshua Elson <joshelson at gmail.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Joshua Elson <joshelson at gmail.com>
Gerrit-HasComments: No
