[Asterisk-Dev] Re:Mandatory AES voice encryption for IAX2 /* New subject */

Olle E. Johansson oej at edvina.net
Fri Apr 16 23:07:43 MST 2004


James H. Cloos Jr. wrote:
>>>>>>"Olle" == Olle E Johansson <oej at edvina.net> writes:
> 
> 
> Olle> I can't believe [legal problems] are impossible to overcome,
> Olle> since there's open source code out for SRTP ...
> 
> It is not the gpl release that is (should be?) the problem.
> That just takes an email to resolve.
> 
> It is the commercial licensing that requires effort and probably cash
> to deal with.  It even may still require a DoC audit of the code.
> 
> And some thoughts on how it ought to work:
> 
> In iax.conf there should be an option to specify whether encryption is
> mandatory, prohibited or opportunistic.  Versions that do not support
> encryption should be treated as an opportunistic node by nodes that
> do support encryption.  If one side is mandatory and the other either
> refuses or is unable to encrypt then the link should fail w/ an error
> to that effect.
Excellent input!

One comment:

When mandatory - the link has to be encrypted *ALL THE WAY* from
one phone to another. So if the call goes like this:

phone -> IAX2 -> * -> IAX2 -> *2 -> IAX2 -> *3 -> IAX2 -> Phone2

...all IAX2 links should be encrypted. And if it's bridged or
transferred, it should stay encrypted. Otherwise, fail.

Another dilemma is this:

phone -> IAX2s -> * -> SIP -> Phone
phone -> IAX2s -> * -> Zap -> Phone

For SIP, we could enforce SIPs when mandatory (when we have support for SIPs).
Without SIPs, the call should fail.

But should we fail for Zap? Maybe not for FXS ports, but what should be
done for FXO?

And what about H.323, MGCP, Skinny?

/O
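
The rules discussed in this message, written out as an added example (not part of the original post and not Asterisk code): per-link negotiation between the three proposed modes, then the end-to-end check for a mandatory call. All identifiers are hypothetical. It assumes two opportunistic peers encrypt when both can, and it reports legs the thread leaves open (Zap, H.323, MGCP, Skinny) as undecided rather than choosing an answer.

```c
#include <stddef.h>

/* Hypothetical names: the thread proposes the three modes, not these identifiers. */
enum enc_policy  { ENC_PROHIBITED, ENC_OPPORTUNISTIC, ENC_MANDATORY };
enum link_result { LINK_FAIL, LINK_CLEAR, LINK_ENCRYPTED };
enum call_result { CALL_FAIL, CALL_OK, CALL_UNDECIDED };
enum leg_kind    { LEG_IAX2, LEG_SIP, LEG_OTHER }; /* OTHER: Zap, H.323, MGCP, Skinny */

struct peer { enum enc_policy policy; int can_encrypt; };
struct leg  { enum leg_kind kind; int encrypted; };

/* A peer encrypts only if its build supports it and its policy allows it.
 * A legacy build (can_encrypt == 0) is modelled as an opportunistic node
 * that is unable to encrypt: no error unless the other side insists. */
static int willing(struct peer p)
{
    return p.can_encrypt && p.policy != ENC_PROHIBITED;
}

/* Outcome for a single IAX2 link between two nodes. */
enum link_result negotiate(struct peer a, struct peer b)
{
    if (willing(a) && willing(b))
        return LINK_ENCRYPTED;
    if (a.policy == ENC_MANDATORY || b.policy == ENC_MANDATORY)
        return LINK_FAIL;   /* one side insists, the other refuses or cannot */
    return LINK_CLEAR;
}

/* End-to-end check for a call placed under the mandatory policy:
 * every IAX2 leg must be encrypted and every SIP leg must be SIPS. */
enum call_result check_mandatory_call(const struct leg *legs, size_t n)
{
    enum call_result result = CALL_OK;
    for (size_t i = 0; i < n; i++) {
        if (legs[i].kind == LEG_OTHER)
            result = CALL_UNDECIDED;   /* question left open in the thread */
        else if (!legs[i].encrypted)
            return CALL_FAIL;          /* clear IAX2 leg, or SIP without SIPS */
    }
    return result;
}
```

A clear IAX2 or SIP leg fails the call even when another leg is of an undecided type, so CALL_UNDECIDED only means that nothing decidable has failed yet.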


