[asterisk-dev] SRTP key lifetime bug
James Cloos
cloos at jhcloos.com
Thu Sep 5 12:28:51 CDT 2013
>>>>> "OEJ" == Olle E Johansson <oej at edvina.net> writes:
OEJ> even if the lifetime is 2^31 packets which is quite a long call,
OEJ> spanning decades, with a rate of 50 packets per second.
Side note: 2^31 packets at 50 packets/s == 497.1 days.
OEJ> We do not have to answer with any attributes on our key. The key
OEJ> attributes are just declarative, not an offer/answer item.
Given that,
OEJ> assume no calls will be that long or that if they are, the other end
OEJ> will start a key reset.
and the possibility of assuming that the other side will start a reset
when the advisory timeout which they specified occurs, it seems like it
would be enough just to accept the nego w/o bothering to confirm that
the other side holds to their advised key timeout, yes?
Ie, do nothing more than a verbose() or debug() call with the timeout
info and proceed as though it were not specified?
OTOH, for performance and quality reasons, rejecting nego when the
timeout is less than a few seconds seems useful. For some definition
of a few.
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6
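
The policy discussed above, as an added example that is not part of the original message and is not Asterisk's code: parse the optional lifetime from an SDES key-params string (RFC 4568 syntax), log it as advisory, and flag it only when it is too short. The function name, the 10-second threshold, and the stderr logging are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ASSUMED_PPS 50        /* packet rate used in the thread */
#define MIN_LIFETIME_SECS 10  /* assumption: one reading of "a few seconds" */
#define SRTP_MAX_PACKETS (1ULL << 48)  /* SRTP packet index is 48 bits */

enum lifetime_verdict { LIFETIME_ABSENT, LIFETIME_OK, LIFETIME_TOO_SHORT, LIFETIME_MALFORMED };

/* key_params looks like "inline:<key>[|<lifetime>][|<mki>:<len>]" (RFC 4568).
 * The lifetime is a decimal packet count or "2^n"; an MKI field has a ':'. */
enum lifetime_verdict check_key_lifetime(const char *key_params, uint64_t *packets)
{
    const char *field = strchr(key_params, '|');
    const char *digits;
    char *end;
    unsigned long long n;
    size_t len;

    *packets = 0;
    if (!field)
        return LIFETIME_ABSENT;
    len = strcspn(++field, "|");
    if (memchr(field, ':', len))   /* first optional field is the MKI */
        return LIFETIME_ABSENT;
    digits = strncmp(field, "2^", 2) ? field : field + 2;
    if (*digits < '0' || *digits > '9')
        return LIFETIME_MALFORMED;
    n = strtoull(digits, &end, 10);
    if (end != field + len)
        return LIFETIME_MALFORMED;
    if (digits != field) {         /* power-of-two form */
        if (n > 48)
            return LIFETIME_MALFORMED;
        n = 1ULL << n;
    }
    if (n == 0 || n > SRTP_MAX_PACKETS)
        return LIFETIME_MALFORMED;
    *packets = n;
    /* Advisory only: log it (stderr stands in for a debug() call). */
    fprintf(stderr, "peer key lifetime: %llu packets (~%llu s at %d pps)\n",
            n, n / ASSUMED_PPS, ASSUMED_PPS);
    return n / ASSUMED_PPS < MIN_LIFETIME_SECS ? LIFETIME_TOO_SHORT : LIFETIME_OK;
}
```

A caller following the thread's suggestion would continue the negotiation on LIFETIME_ABSENT and LIFETIME_OK and refuse the offer only on LIFETIME_TOO_SHORT or LIFETIME_MALFORMED.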