steveu at coppice.org
Wed Dec 30 07:27:18 CST 2009
On 12/30/2009 08:44 PM, Olle E. Johansson wrote:
> 29 dec 2009 kl. 21.41 skrev John Todd:
>> On Dec 24, 2009, at 11:23 AM, Hans Witvliet wrote:
>>> Hi all,
>>> If i may ask, is there any development in progress concerning secure
>>> conversations, like srtp? Or is this just a pending bounty?
>>> It looks like the guys from cryptcall.com are offering a commercial
>>> product, with one of them is based on asterisk...
>> Hans -
>> SRTP is one of the projects that has been languishing for years
>> with Asterisk (heck, I tested it with static keys back in 2005.)
>> There now exists code with an appropriate license in the issue
>> tracker, but the complexity of the patch set is fairly significant. I
>> would VERY MUCH welcome a review by a few people who have a good
>> coding clue and some time. It is my intention to see if Digium can
>> put resources to getting it implemented, since I think that security
>> is an underrated problem set (Hello, broken GSM encryption!) and we
>> should get Asterisk up the point where SRTP becomes a "default" for
>> new devices.
> Seems like the industry is not very mature in this regard yet either. The IETF has decided that DTLS-SRTP is the preferred method going forward, but there are very few implementations around. Resiprocate has an implementation we could use for testing.
> At the SIPit in September, there was almost no interoperability amongst the few devices that had SRTP support...
It might help if they get an RFC out for DTLS-SRTP. There have been
drafts for several years.
More information about the asterisk-dev