[Asterisk-Dev] Re:Mandatory AES voice encryption for IAX2 /* New subject */

Steve Rodgers hwstar at rodgers.sdcoxmail.com
Sat Apr 17 12:51:02 MST 2004 

Mandatory can be broken into 2 commands:

1. end-to-end

encryption support from the source ADC/DAC to the destination ADC/DAC would be 
mandatory. I.e. any digital stream must stay in encrypted end-to-end or the 
call will fail. Will also fail if destination or source can't negotiate an 
encryption protocol set, or if the destination has configured the IAX trunk 
for prohibited.

One issue: What do you do when an encryption algorthim is not supported during 
a conversion between Voip protocols? Decrypting then re-encrypting
consumes processor bandwidth and is a security risk.

2. required

Would require encryption only on this hop only, as well as when the call is 
redirected to another destination. Will fail if destination or source can't
negotiate an encryption protocol set, or if the destination has configured
the IAX trunk for prohibited.

The 4 modes would be: prohibited, opportunistic, required, and end-to-end


I would suggest working on getting prohibited and required supported first 
then work on opportunistic, and end-to-end in a subsequent release.

----

Encrypted data beyond an FXO interface doesnt make much sense either. Most of 
these are winmodems or channel banks connected to a telephone line. I've 
never seen a channel bank which sends an encypted analog signal to a telco 
phone line, but I'm not saying they don't exist.

Steve.



On Friday 16 April 2004 23:07, Olle E. Johansson wrote:
> James H. Cloos Jr. wrote:
> >>>>>>"Olle" == Olle E Johansson <oej at edvina.net> writes:
> >
> > Olle> I can't believe [legal problems] are impossible to overcome,
> > Olle> since there's open source code out for SRTP ...
> >
> > It is not the gpl release that is (should be?) the problem.
> > That just takes an email to resolve.
> >
> > It is the commercial licensing that requires effort and probably cash
> > to deal with.  It even may still require a DoC audit of the code.
> >
> > And some thoughts on how it ought to work:
> >
> > In iax.conf there should be a option to specify whether encryption is
> > mandatory, prohibited or opportunistic.  Versions that do not support
> > encryption should be treated as an opportunistic node by a nodes that
> > do support encryption.  If one side is mandatory and the other either
> > refuses or is unable to encrypt then the link should fail w/ an error
> > to that effect.
>
> Excellent input!
>
> One comment:
>
> When mandatory - the link has to be encrypted *ALL THE WAY* from
> one phone to another. So if the call goes like this
>
> phone -> IAX2 -> * -> IAX2 -> *2 -> IAX2 -> *3 -> IAX2 -> Phone2
>
> ...all IAX2 links should be encrypted. And if it's bridged or
> transferred, it should stay encrypted. Otherwise, fail.
>
> Another dilemma is this
>
> phone -> IAX2s -> * -> SIP -> Phone
> phone -> IAX2s -> * -> Zap -> Phone
>
> For SIP, we could enforce SIPs when mandatory (when we have support for
> SIPs). Without SIPs, the call should fail.
>
> But should we fail for Zap? Maybe not for FXS ports, but what should be
> done for FXO?
>
> And what about H.323, MGCP, Skinny?
>
> /O
> _______________________________________________
> Asterisk-Dev mailing list
> Asterisk-Dev at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev

More information about the asterisk-dev mailing list