[Asterisk-Dev] SRTP with keymanagement, SIP over TCP

John Todd jtodd at loligo.com
Wed Dec 7 13:56:59 MST 2005


First: I'm very happy that someone is considering SRTP development! 
This is great.

Second: I don't know the licensing for chan_exosip for the TLS 
portion of the thread below - as it's GPL, are there any 
possibilities of this being incorporated in the current Asterisk SVN? 
I'd hate for this to become another confusing mess with TLS like what 
happened with SER, where the code is difficult to integrate. 
Ideally, whatever is used should be integrated into Asterisk as a 
"complete" package that is distributed in the SVN and release copies.

Third: I thought I was on top of Asterisk SIP stuff, but I will admit 
I've never tried the TLS implementation that came out of the Summer 
of Code stuff, and I don't remember seeing discussion of it here on 
-dev.  Has anyone reviewed that code?  Olle?  Kevin?  Any good?  In 
my <cough> spare time I'll see if I can get it running against SER or 
between two Asterisk servers.

Fourth: To Michael's question: I'm sure many people here on the list 
would be interested in helping you achieve a successful test.  I 
would suggest that you do the following:

   - ensure that your code is always up-to-date with SVN HEAD

   - get a website to track your code (http://bugs.digium.com/)

   - make sure you've signed and submitted a disclaimer 
(http://bugs.digium.com/  has instructions)

   - distribute a patch set that is easily applied ("diff -u" format)

   - ensure that you are testing against inexpensive equipment (Sipura 
is an SRTP device which is cheap...)

   - provide example configuration files for testers, so each of us 
doesn't have to backwards engineer the whole process

Thanks!  I look forward to encrypting my SIP->Asterisk calls!

JT


At 12:59 PM +0100 12/7/05, Klaus Darilion wrote:
>
>
>Maybe it is easier to use chan_exosip
>http://www.hem.za.org/chan_exosip/
>
>regards
>klaus
>
>Michael Prochaska wrote:
>>hi everybody!
>>
>>we are working on a project to permit secure communication over asterisk.
>>
>>+) first of all we try to implement SRTP into asterisk (it's implemented
>>yet but we have still to do some debugging work).
>>
>>+) the next step will be a key exchange over SDP (sdescriptions), in the
>>way SNOM do with their phones. here we have the problem that the
>>signaling must be secure too, to have a real secure connection.
>>
>>+) last but not least we will implement a second key exchange => MIKEY,
>>with MIKEY it will be possible to have a secure exchange without
>>securing the signaling
>>
>>how can you help us to achieve our goal?
>>-----------------------------------------
>>
>>for the second point we need a secure signaling. we have found a project
>>(https://savannah.nongnu.org/projects/asterisk-tcp/) which has
>>implemented SIP over TCP (with TLS support).
>>reportedly, the source code has been passed to the official asterisk CVS.
>>
>>does anybody know anything about the project? does the code work?
>>
>>
>>tell us your experience regarding SRTP, sdescriptions or MIKEY with
>>asterisk (if there are any)!
>>
>>best regards,
>>bradley and michael
>>*****************************
>>Bradley Clayton <bradley at rucus.net>
>>Michael Prochaska <tm021090 at fh-stpoelten.ac.at>
>>
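
The sdescriptions point in the quoted message (the SRTP key travels inside the SDP body, so the signaling must be secured too), shown as an added example that is not part of the original thread or of Asterisk's code. It parses RFC 4568 `a=crypto` lines and flags a message whose key material went over a non-TLS transport; the sample INVITE, addresses and key are constructed, and the function names are hypothetical.

```python
import base64
import re

# Master key + salt length in bytes for the RFC 4568 AES-CM suites.
SUITE_KEY_SALT_LEN = {
    "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_128_HMAC_SHA1_32": 30,
}
CRYPTO_RE = re.compile(
    r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)(\|\S*)?", re.M)
VIA_RE = re.compile(r"^Via:\s*SIP/2\.0/(\w+)", re.M | re.I)


def audit_sip_message(raw):
    """Report the signaling transport, each crypto offer, and whether the
    SRTP keys were readable by anyone who could see this message."""
    via = VIA_RE.search(raw)  # topmost Via only: TLS is hop-by-hop
    transport = via.group(1).upper() if via else "UNKNOWN"
    offers = []
    for tag, suite, b64, _params in CRYPTO_RE.findall(raw):
        try:
            key_len = len(base64.b64decode(b64, validate=True))
        except ValueError:  # malformed base64 in the inline key
            key_len = None
        offers.append({
            "tag": int(tag),
            "suite": suite,
            "key_salt_len": key_len,
            "length_ok": key_len == SUITE_KEY_SALT_LEN.get(suite),
        })
    exposed = bool(offers) and transport != "TLS"
    return {"transport": transport, "offers": offers, "key_exposed": exposed}


def sample_invite(transport):
    """Constructed INVITE carrying one sdescriptions offer (not a real key)."""
    key = base64.b64encode(bytes(range(30))).decode()
    return "\r\n".join([
        "INVITE sip:bob@example.invalid SIP/2.0",
        f"Via: SIP/2.0/{transport} 192.0.2.10:5061;branch=z9hG4bKconstructed",
        "Content-Type: application/sdp",
        "",
        "v=0",
        "m=audio 49170 RTP/SAVP 0",
        f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{key}|2^20",
        "",
    ])
```

A TLS result only covers the hop that delivered the message; every proxy on the path still sees the key, which is the gap MIKEY is meant to close in the plan above.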


