Olle E. Johansson
oej at edvina.net
Wed Dec 30 06:44:33 CST 2009
29 dec 2009 kl. 21.41 skrev John Todd:
> On Dec 24, 2009, at 11:23 AM, Hans Witvliet wrote:
>> Hi all,
>> If i may ask, is there any development in progress concerning secure
>> conversations, like srtp? Or is this just a pending bounty?
>> It looks like the guys from cryptcall.com are offering a commercial
>> product, with one of them is based on asterisk...
> Hans -
> SRTP is one of the projects that has been languishing for years
> with Asterisk (heck, I tested it with static keys back in 2005.)
> There now exists code with an appropriate license in the issue
> tracker, but the complexity of the patch set is fairly significant. I
> would VERY MUCH welcome a review by a few people who have a good
> coding clue and some time. It is my intention to see if Digium can
> put resources to getting it implemented, since I think that security
> is an underrated problem set (Hello, broken GSM encryption!) and we
> should get Asterisk up the point where SRTP becomes a "default" for
> new devices.
Seems like the industry is not very mature in this regard yet either. The IETF has decided that DTLS-SRTP is the preferred method going forward, but there are very few implementations around. Resiprocate has an implementation we could use for testing.
At the SIPit in September, there was almost no interoperability amongst the few devices that had SRTP support...
More information about the asterisk-dev