[asterisk-dev] pjsip asterisk 13.24: sips / srtp and Deutsche Telekom doesn't work because of missing mediasec parameters

Michael Maier m1278468 at mailbox.org
Tue Jan 15 16:03:45 CST 2019 

On 15.01.19 at 20:27 Joshua C. Colp wrote:
> 
> 
> On Tue, Jan 15, 2019, at 3:23 PM, Michael Maier wrote:
>> Hello!
>>
>> Deutsche Telekom introduced sips and srtp. I tested it and it works 
>> partly. Partly means: sips is working - but not srtp. srtp doesn't 
>> work, because of missing additional
>> headers in the REGISTER and INVITE packages (according an enhancement 
>> of RFC 3329).
>>
>>
>> Example:
>>
>> UAC                                            Registrar
>> | 						|
>> |----(1) REGISTER------------------------------>|
>> |        Security-Client: sdes-srtp;mediasec    |
>> |        Proxy-Require: mediasec                |
>> |        Require: mediasec              	|
>> |                                               |
>> |<---(2) 401------------------------------------|
>> |        Security-Server: msrp-tls;mediasec     |
>> |        Security-Server: sdes-srtp;mediasec    |
>> |        Security-Server: dtls-srtp;mediasec    |
>> |                                               |
>> |----(3) REGISTER(with Authorization Header)--->|
>> |        Security-Client: sdes-srtp;mediasec    |
>> |        Proxy-Require: mediasec                |
>> |        Require: mediasec                      |
>> |        Security-Verify: msrp-tls;mediasec     |
>> |        Security-Verify: sdes-srtp;mediasec    |
>> |        Security-Verify: dtls-srtp;mediasec    |
>> |                                            	|
>> |<---(4) 200 OK---------------------------------|
>> |                                               |
>> |                                               |
>> |----(5) INVITE-------------------------------->|
>> |        Security-Verify: msrp-tls;mediasec     |
>> |        Security-Verify: sdes-srtp;mediasec    |
>> |        Security-Verify: dtls-srtp;mediasec    |
>> |        a=3ge2ae:requested                     |
>> |        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:EpcgtOdT5qd...
>> |                                               |
>> |<---(8) 200 OK---------------------------------|
>> |        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:lnfakjh2sd1..
>>
>>
>>
>> You can find a complete description here (english language):
>> https://www.telekom.de/hilfe/downloads/1tr114.pdf
>> The example can be found on page 115.
>>
>> They need those mediasec parameters because of there compatibility with 
>> the 3GPP standards
>> (http://www.qtc.jp/3GPP/Specs/33328-920.pdf) which would require an 
>> additional signaling of the media plane security.
>>
>>
>> Is this already implemented or did I miss something else?
> 
> This is not implemented and I know of noone working on such a thing.
> 

Would you please plan to implement it?
Deutsche Telekom is the biggest player in Germany having 19 millions fixed lines and 25 millions mobile customers.


Thanks,
Michael

More information about the asterisk-dev mailing list