[asterisk-dev] AstriDevCon Recap - IAX2 RENEW for encryption
Russell Bryant
russell at digium.com
Thu May 31 16:20:17 MST 2007
Kevin P. Fleming wrote:
> A couple of other comments: is there any value in making an assumption
> that key usage is symmetrical? For example, if peer A sends RENEW with
> ENCKEY, and peer B sends ACCEPT, could that mean that _only_ packets
> from A->B are encrypted using the new key, and that peer B should also
> send RENEW/ENCKEY to change keys in the B->A direction (possibly to the
> same key, possibly to a different key)?

I noted in another response to this thread that I think this RENEW with
ENCKEY method should only change the encryption key in one direction.

Also, another thing I brought up is that I don't think an ACCEPT should
be required.

If you switch to decrypting using the new key as soon as you receive the
RENEW, then every frame you receive after that (assuming they are in
order) is encrypted using the new key. If the peer that sends the RENEW
does not switch to encrypting using the new key until after it receives
the ACCEPT to your RENEW, then there is no way to synchronize the key
switch with the other end. You send the ACCEPT, and then the other side
will switch whenever it receives it, but there is no way to know when
that is.

--
Russell Bryant
Software Engineer
Digium, Inc.
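
The synchronization problem described in the message above can be seen in a small model of the one-directional key switch. This is an added example, not code from the thread or from Asterisk: the function names, the `accept_delay` parameter and the frame counts are hypothetical, and the labels "old"/"new" stand in for real encryption keys.

```python
from collections import deque

def simulate(sender_policy, frames_before=3, frames_after=5, accept_delay=2):
    """Model A->B frames around a RENEW; return [(seq, decrypt_ok), ...].

    sender_policy:
      "on_send"   - A encrypts with the new key right after sending RENEW
      "on_accept" - A keeps the old key until B's ACCEPT reaches it
    accept_delay: number of frames A transmits before the ACCEPT arrives
                  (constructed value; in practice A cannot predict it).
    """
    wire = deque()              # in-order A->B channel, as the message assumes
    a_key = "old"               # key A currently encrypts with
    accept_arrives_at = None
    for i in range(frames_before + frames_after):
        if i == frames_before:
            wire.append(("RENEW", "new"))
            if sender_policy == "on_send":
                a_key = "new"
            else:
                accept_arrives_at = i + accept_delay
        if accept_arrives_at is not None and i == accept_arrives_at:
            a_key = "new"       # ACCEPT finally received by A
        wire.append(("DATA", i, a_key))

    # Receiver B switches its decryption key the moment it sees RENEW.
    b_key = "old"
    results = []
    for msg in wire:
        if msg[0] == "RENEW":
            b_key = msg[1]
        else:
            _, seq, frame_key = msg
            results.append((seq, frame_key == b_key))
    return results

def undecryptable(policy, **kwargs):
    """Sequence numbers of frames B could not decrypt."""
    return [seq for seq, ok in simulate(policy, **kwargs) if not ok]

if __name__ == "__main__":
    for policy in ("on_send", "on_accept"):
        print(policy, "-> lost frames:", undecryptable(policy))
```

The number of frames lost under "on_accept" grows with `accept_delay`, which is the quantity neither side can know in advance.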