[asterisk-dev] SRTP and forcing encrypted calls

Leif Madsen leif.madsen at asteriskdocs.org
Wed Feb 10 18:38:30 CST 2010


Terry Wilson wrote:
>> - outbound call with security requirement
>> - 200 OK with SRTP for audio, but RTP for video and text
>>
>>  - Do we accept non-secured media streams? Or reject the call?
> 
> Ugh. Can we just hope that it never comes up and ignore the case 
> completely :-) Under the current paradigm, I'd say reject the call since 
> it doesn't include security for all options. But, I can see how that 
> wouldn't necessarily be what one would want to happen. But I really 
> don't want to have to specify requirements for every different kind of 
> media that could possibly exist. audio/video/text/image/morse code/smoke 
> signals/whatever. :-) It starts to be kind of a pain, dialplan-wise. It 
> seems silly that a client would choose to send encrypted audio, but 
> leave the other media unencrypted. But, people do silly things all the time.

This seems like something we can leave as a feature request for later 
programming. At the current time, my vote would be "all the way secure, or all 
the way unsecure". We shouldn't attempt to mix and match security here.

Honestly, if I am setting up a secure call, and then my video or text are 
unencrypted, then I don't quite get the point.

Anyways, my vote would be to require everything you're offering to be either 
encrypted or not, and if anything is different, either fail the call, or ignore 
those streams which don't match our dialplan or configuration file settings 
(whichever is makes more sense).

Leif!



More information about the asterisk-dev mailing list