[asterisk-dev] pjsip asterisk 13.24: sips / srtp and Deutsche Telekom doesn't work because of missing mediasec parameters

Joshua C. Colp jcolp at digium.com
Tue Jan 15 13:27:16 CST 2019 


On Tue, Jan 15, 2019, at 3:23 PM, Michael Maier wrote:
> Hello!
> 
> Deutsche Telekom introduced sips and srtp. I tested it and it works 
> partly. Partly means: sips is working - but not srtp. srtp doesn't 
> work, because of missing additional
> headers in the REGISTER and INVITE packages (according an enhancement 
> of RFC 3329).
> 
> 
> Example:
> 
> UAC                                            Registrar
> | 						|
> |----(1) REGISTER------------------------------>|
> |        Security-Client: sdes-srtp;mediasec    |
> |        Proxy-Require: mediasec                |
> |        Require: mediasec              	|
> |                                               |
> |<---(2) 401------------------------------------|
> |        Security-Server: msrp-tls;mediasec     |
> |        Security-Server: sdes-srtp;mediasec    |
> |        Security-Server: dtls-srtp;mediasec    |
> |                                               |
> |----(3) REGISTER(with Authorization Header)--->|
> |        Security-Client: sdes-srtp;mediasec    |
> |        Proxy-Require: mediasec                |
> |        Require: mediasec                      |
> |        Security-Verify: msrp-tls;mediasec     |
> |        Security-Verify: sdes-srtp;mediasec    |
> |        Security-Verify: dtls-srtp;mediasec    |
> |                                            	|
> |<---(4) 200 OK---------------------------------|
> |                                               |
> |                                               |
> |----(5) INVITE-------------------------------->|
> |        Security-Verify: msrp-tls;mediasec     |
> |        Security-Verify: sdes-srtp;mediasec    |
> |        Security-Verify: dtls-srtp;mediasec    |
> |        a=3ge2ae:requested                     |
> |        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:EpcgtOdT5qd...
> |                                               |
> |<---(8) 200 OK---------------------------------|
> |        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:lnfakjh2sd1..
> 
> 
> 
> You can find a complete description here (english language):
> https://www.telekom.de/hilfe/downloads/1tr114.pdf
> The example can be found on page 115.
> 
> They need those mediasec parameters because of there compatibility with 
> the 3GPP standards
> (http://www.qtc.jp/3GPP/Specs/33328-920.pdf) which would require an 
> additional signaling of the media plane security.
> 
> 
> Is this already implemented or did I miss something else?

This is not implemented and I know of noone working on such a thing.

-- 
Joshua C. Colp
Digium - A Sangoma Company | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org

More information about the asterisk-dev mailing list