[asterisk-dev] pjsip asterisk 13.24: sips / srtp and Deutsche Telekom doesn't work because of missing mediasec parameters

sean darcy seandarcy2 at gmail.com
Wed Jan 16 17:34:37 CST 2019 

On 1/15/19 1:49 PM, Michael Maier wrote:
> Hello!
> 
> Deutsche Telekom introduced sips and srtp. I tested it and it works partly. Partly means: sips is working - but not srtp. srtp doesn't work, because of missing additional
> headers in the REGISTER and INVITE packages (according an enhancement of RFC 3329).
> 
> 
> Example:
> 
> UAC                                            Registrar
> | 						|
> |----(1) REGISTER------------------------------>|
> |        Security-Client: sdes-srtp;mediasec    |
> |        Proxy-Require: mediasec                |
> |        Require: mediasec              	|
> |                                               |
> |<---(2) 401------------------------------------|
> |        Security-Server: msrp-tls;mediasec     |
> |        Security-Server: sdes-srtp;mediasec    |
> |        Security-Server: dtls-srtp;mediasec    |
> |                                               |
> |----(3) REGISTER(with Authorization Header)--->|
> |        Security-Client: sdes-srtp;mediasec    |
> |        Proxy-Require: mediasec                |
> |        Require: mediasec                      |
> |        Security-Verify: msrp-tls;mediasec     |
> |        Security-Verify: sdes-srtp;mediasec    |
> |        Security-Verify: dtls-srtp;mediasec    |
> |                                            	|
> |<---(4) 200 OK---------------------------------|
> |                                               |
> |                                               |
> |----(5) INVITE-------------------------------->|
> |        Security-Verify: msrp-tls;mediasec     |
> |        Security-Verify: sdes-srtp;mediasec    |
> |        Security-Verify: dtls-srtp;mediasec    |
> |        a=3ge2ae:requested                     |
> |        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:EpcgtOdT5qd...
> |                                               |
> |<---(8) 200 OK---------------------------------|
> |        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:lnfakjh2sd1..
> 
> 
> 
> You can find a complete description here (english language):
> https://www.telekom.de/hilfe/downloads/1tr114.pdf
> The example can be found on page 115.
> 
> They need those mediasec parameters because of there compatibility with the 3GPP standards
> (http://www.qtc.jp/3GPP/Specs/33328-920.pdf) which would require an additional signaling of the media plane security.
> 
> 
> Is this already implemented or did I miss something else?
> 
> 
> 
> Thanks,
> regards,
> Michael
> 
You may want to contact pjsip.

sean

More information about the asterisk-dev mailing list