[asterisk-dev] SRTP and forcing encrypted calls

[Jeff LaCoursiere]

On Wed, 10 Feb 2010, Leif Madsen wrote:

> Terry Wilson wrote:
>>> - outbound call with security requirement
>>> - 200 OK with SRTP for audio, but RTP for video and text
>>>
>>>  - Do we accept non-secured media streams? Or reject the call?
>>
>> Ugh. Can we just hope that it never comes up and ignore the case
>> completely :-) Under the current paradigm, I'd say reject the call since
>> it doesn't include security for all options. But, I can see how that
>> wouldn't necessarily be what one would want to happen. But I really
>> don't want to have to specify requirements for every different kind of
>> media that could possibly exist. audio/video/text/image/morse code/smoke
>> signals/whatever. :-) It starts to be kind of a pain, dialplan-wise. It
>> seems silly that a client would choose to send encrypted audio, but
>> leave the other media unencrypted. But, people do silly things all the time.
>
> This seems like something we can leave as a feature request for later
> programming. At the current time, my vote would be "all the way secure, or all
> the way unsecure". We shouldn't attempt to mix and match security here.
>
> Honestly, if I am setting up a secure call, and then my video or text are
> unencrypted, then I don't quite get the point.
>
> Anyways, my vote would be to require everything you're offering to be 
> either encrypted or not, and if anything is different, either fail the 
> call, or ignore those streams which don't match our dialplan or 
> configuration file settings (whichever is makes more sense).
>

Not that I disagree, but just to point out one situation where security 
*to* asterisk would be desired, and then you don't care... if the call is 
traversing an untrusted network on the way *to* the asterisk box, you want 
encryption, but from there it goes out the PSTN...

Hope I haven't missed the point entirely...

j