[Asterisk-Security] SRTP vs IPSEC
Jeremy Jackson
jerj at coplanar.net
Wed Aug 10 15:17:47 CDT 2005
Olle E. Johansson wrote:
> Jeremy Jackson wrote:
>
>>I've been playing with racooon/Linux IPSEC, and it seems quite simple to
>> enable security on a per-socket basis:
>>
>> policy = "in ipsec esp/transport//require";
>> buf = ipsec_set_policy(policy, strlen(policy));
>> setsockopt(so, level, IP_IPSEC_POLICY, buf,ipsec_get_policylen(buf))
>>
>>I see there is also work being done on SRTP. It seems like SRTP would
>>duplicate efforts, but maybe there are performance reasons that SRTP
>>would be better?
>>
>>Comments?
>
> SRTP can be setup on a per-call basis.
This may be my inexperience with per-socket IPSEC policy, but I believe
that translates to being on a per-call basis as well.
--
Jeremy Jackson
Coplanar Networks
W: (519)489-4903
C: (519)897-1516
http://www.coplanar.net
More information about the Asterisk-Security
mailing list