[asterisk-dev] SRTP implementation

Mikael Magnusson mikma264 at gmail.com
Mon Apr 23 12:05:07 MST 2007


Olle E Johansson wrote:
> 
> On 23 Apr 2007, at 19:55, Russell Bryant wrote:
> 
>> John Todd wrote:
>>> To morph this into a -dev thread: if this patch were to become 
>>> (again) useful and error-free, is there any objection or usefulness 
>>> in adding it to TRUNK?  Personally, I think there is, if there is a 
>>> method by which SRTP can be activated or de-activated from within the 
>>> dialplan based on prior shared secrets.  However, I have heard others 
>>> disagree and object that without signalling-based secure key 
>>> exchange, SRTP is not worth the effort.  Opinions?
>>
>> I agree with you.  I think that is a reasonable approach.  I can't 
>> speak for the quality of the patch itself as I have not reviewed it.  
>> But, if it works, I would guess that it would not be too bad to get it 
>> into trunk.
> 
> Kevin and I earlier decided that we wanted to delay this until we had a 
> complete security solution, with signalling based secure key exchange ;-)
> 
> /O

I have uploaded a new patch. This patch, and also the previous one, support 
MIKEY as well as sdescriptions.

The MIKEY key management scheme uses transport encryption for 
transporting the keys securely over unsecured transports such as 
unencrypted SDP.

There are several MIKEY flavors: Pre-shared, DH-SIGN, RSA, RSA-R and 
DH-HMAC. The patch currently uses DH-HMAC for outgoing connections, 
using the secret from sip.conf as the shared secret.

Mikael
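
Added example, not part of the message above or of the patch it describes: a sketch of the idea behind DH-HMAC, where each Diffie-Hellman public value carries an HMAC keyed from the pre-shared secret, so a value substituted in transit is rejected. The message layout, the key derivation, the toy group and the sample secret are assumptions made for illustration and are not the MIKEY wire format.

```python
import hashlib
import hmac
import secrets

# Toy DH parameters for illustration only: P - 1 is smooth, so this group is
# not secure. A real deployment uses a standardized MODP group.
P = 2**127 - 1
G = 3

def auth_key(shared_secret: bytes) -> bytes:
    # Assumption: a single hash stands in for MIKEY's key derivation.
    return hashlib.sha256(b"dh-hmac-auth" + shared_secret).digest()

def make_message(sender: str, priv: int, shared_secret: bytes) -> dict:
    """Build a DH public value tagged with an HMAC under the shared secret."""
    pub = pow(G, priv, P)
    body = f"{sender}|{pub}".encode()
    tag = hmac.new(auth_key(shared_secret), body, hashlib.sha1).hexdigest()
    return {"sender": sender, "pub": pub, "tag": tag}

def accept_message(msg: dict, priv: int, shared_secret: bytes) -> bytes:
    """Verify the HMAC, then derive the session key; raise on failure."""
    body = f"{msg['sender']}|{msg['pub']}".encode()
    expected = hmac.new(auth_key(shared_secret), body, hashlib.sha1).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("HMAC check failed: DH value not from a secret holder")
    if not 1 < msg["pub"] < P - 1:
        raise ValueError("degenerate DH public value")
    dh = pow(msg["pub"], priv, P)
    return hashlib.sha256(dh.to_bytes(16, "big")).digest()

def demo() -> dict:
    secret = b"constructed-sip-conf-secret"  # constructed sample value
    a, b = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    init = make_message("initiator", a, secret)
    resp = make_message("responder", b, secret)
    k_resp = accept_message(init, b, secret)
    k_init = accept_message(resp, a, secret)
    # A DH value swapped in transit keeps the old tag, which no longer matches.
    forged = dict(init, pub=pow(G, 12345, P))
    try:
        accept_message(forged, b, secret)
        rejected = False
    except ValueError:
        rejected = True
    return {"keys_match": k_init == k_resp, "forgery_rejected": rejected}

if __name__ == "__main__":
    print(demo())
```

The session key is only as strong as the shared secret, since anyone who knows that secret can compute a valid tag.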
