[asterisk-dev] RFC4733 SRTP option
Olle E. Johansson
oej at edvina.net
Fri Nov 27 03:09:40 CST 2009
27 nov 2009 kl. 09.58 skrev Nick Lewis:
>> It will take time until 4733 replaces 2833 since the new one requires
> SRTP.
>
> Ignoring the misleading appendix, the normative part of the spec seems
> to
> have SRTP support only at the SHOULD compliance level
"The telephone-event payload defined in this specification is highly
compressed. A change in value of just one bit can result in a major
change in meaning as decoded at the receiver. Thus, message
integrity MUST be provided for the telephone-event payload type.
To meet the need for protection both of confidentiality and
integrity, compliant implementations SHOULD implement the Secure
Real-time Transport Protocol (SRTP) [7]."
Now, the authors of the rfcs says that implementors should treat SHOULD as if it was a MUST. Which sounds funny, but that's the message to all coders.
Also, note the MUST in the previous paragraph that has serious impact on the requirement of SRTP.
/O
More information about the asterisk-dev
mailing list