[Asterisk-Dev] SRTP with keymanagement, SIP over TCP
Mikael Magnusson
mikaelmagnusson at glocalnet.net
Wed Dec 7 15:10:41 MST 2005
On Wed, Dec 07, 2005 at 12:23:34PM +0100, Michael Prochaska wrote:
> hi everybody!
>
> we are working on a project to permit secure communication over asterisk.
>
> +) first of all we try to implement SRTP into asterisk (it's implemented
> yet but we have still to do some debugging work).
>
> +) the next step will be a key exchange over SDP (sdescriptions), in the
> way SNOM do with their phones. here we have the problem that the
> signaling must be secure too, to have a real secure connection.
>
> +) last but not least we will implement a second key exchange => MIKEY,
> with MIKEY it will be possible to have a secure exchange without
> securing the signaling
>
> how can you help us to achiev our goal?
> -----------------------------------------
>
> for the second point we need a secure signaling. we have found a project
> (https://savannah.nongnu.org/projects/asterisk-tcp/) which has
> implemented SIP over TCP (with TLS support).
> reportedly, the sourcecode has been passed to the official asterisk CVS.
>
> does anybody know anything about the project? does the code work?
>
>
> tell us your experience regarding SRTP, sdescriptions or MIKEY with
> asterisk (if there are any)!
>
> best regards,
> bradley and michael
I added a patch with SRTP support (based on libsrtp) and basic support
for sdescriptions in chan_sip to the bug tracker last week. I have only
tested sdescriptions between Asterisk servers, but the SRTP support has
also been tested with Minisip. It isn't possible to use SRTP between
Minisip and chan_sip currently, since Minisip only supports MIKEY and
chan_sip only sdescriptions, but I'm coding another sip channel with MIKEY
support that was mentioned in another reply.
http://bugs.digium.com/view.php?id=5413
/Mikael
More information about the asterisk-dev
mailing list