[asterisk-dev] SRTP and forcing encrypted calls
Olle E. Johansson
oej at edvina.net
Thu Feb 11 16:01:30 CST 2010
11 feb 2010 kl. 22.49 skrev Kevin P. Fleming:
> Olle E. Johansson wrote:
>
>> I think that the CHANNEL() dialplan function is not the answer. Let's not overload it, let's create a new function and make sure it's channel independent.
>
> That's exactly what CHANNEL is for; a channel-independent interface to
> (potentially) channel-dependent information and settings. It's only a
> dispatcher, it has no particular goal or design objectives, other than
> to be easy to understand and use. It was designed to be "overloaded", in
> the C++/C#/Java/etc. sense of that word.
>
I fully understand that. But there's also a product design issue here. I think that we have to consider security a separate property from other channel settings - it will make it easier to communicate, teach and write documentation if there's a specific set of functions, apps and settings that has a name prefix that shows that they belong together and all are used to manage the security properties of sessions. I don't want to say "there are a few settings you can find amongst all settings in CHANNEL, and a few options here and a few chan_sip settings and by the way, a few very different settings in iax.conf."
This is a very, very important addition to Asterisk and we need to make it very obvious how to manage security properties of the PBX. I don't want to hide it in existing functions and settings. i don't want options in asterisk.conf - I want a new file called PBXSECURITY.CONF or something even more obvious where you control the core security options, your PBX security profile and certificate store.
I know we can very well have it in a section called [encrypted_media_sessions] in asterisk.conf, but that won't give the effect I want. We have enhanced the security in many areas of Asterisk - manager, channel drivers and coding. Let's tie it all together and communicate, so that people start using it.
From the Asterisk product marketing dept in a hotel room in Oslo :-)
/O
More information about the asterisk-dev
mailing list