[Asterisk-Dev] libsrtp

Olle E. Johansson oej at edvina.net
Sun May 16 01:49:56 MST 2004


Conroy, Lawrence (SMTP) wrote:

Thank you for all the clarifications.

> The SIP INVITE/200 exchange carries the SDP anyway, so a secured
> exchange (via SIPS - i.e. TLS) should be OK to carry the keys, hence
> SDPdescriptions. You have the problem of mutual authentication and
> encryption with TLS anyway; once that's dealt with, passing a message
> key (or keys) is OK, as it's done over a secured signalling channel.

Another clarification:

Isn't the problem that the TLS path is UA - Proxy, and when we have multiple
proxies (UA - Proxy - Proxy - UA) the TLS secure channel is broken? If we don't
want the proxies to be aware of the keys used for media encryption, we can't
rely on the TLS encryption to hide them. Hence S/MIME, which encrypts
UA to UA without anything in clear text while passing known or unknown proxies.

S/MIME is an interesting choice, but as you point out, it's the standard.
There was a new document released the other day in this area that I haven't
studied in detail.

/Olle
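
An added example, not part of the original post: a Python check of what a TLS-terminating proxy can read, run on two constructed INVITEs. It assumes keys travel in SDP `a=crypto` `inline:` attributes and that the end-to-end protected body is `application/pkcs7-mime`; the function names and sample messages are hypothetical.

```python
import re

# sdescriptions attribute: a=crypto:<tag> <suite> inline:<base64 key||salt>[|params]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([A-Za-z0-9+/=]+)", re.M)

# Constructed sample: INVITE as a proxy sees it after terminating its TLS hop.
PLAIN_INVITE = """\
INVITE sips:bob@example.net SIP/2.0
Via: SIP/2.0/TLS ua1.example.com;branch=z9hG4bKconstructed1
To: <sips:bob@example.net>
From: <sips:alice@example.com>;tag=constructed
Content-Type: application/sdp

v=0
o=alice 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Q09OU1RSVUNURURQTEFDRUhPTERFUktFWU5PVFJFQUwwMDAw|2^20
"""

# Constructed sample: same call with the SDP inside an S/MIME envelope (placeholder body).
SMIME_INVITE = """\
INVITE sips:bob@example.net SIP/2.0
Via: SIP/2.0/TLS ua1.example.com;branch=z9hG4bKconstructed2
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m

PLACEHOLDER-CMS-ENVELOPED-DATA-OPAQUE-TO-PROXIES
"""

def split_message(raw):
    """Split a SIP message into (lower-cased header dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def keys_visible_to_proxy(raw):
    """Return (tag, suite) for every SRTP key an intermediary can read."""
    headers, body = split_message(raw)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/sdp":
        return []                              # body is not readable SDP
    return [(int(tag), suite) for tag, suite, _key in CRYPTO_RE.findall(body)]

if __name__ == "__main__":
    for label, msg in (("SIPS only", PLAIN_INVITE), ("S/MIME", SMIME_INVITE)):
        print(label, "->", keys_visible_to_proxy(msg) or "no keys readable")
```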


