[Asterisk-Security] SRTP vs IPSEC

Enzo Michelangeli enzomich at gmail.com
Mon Aug 22 02:05:48 CDT 2005


Jeremy Jackson jerj at coplanar.net
Wed Aug 10 16:15:01 CDT 2005
[...]
> Does RTP use separate UDP ports per media stream?  I'm inclined to think
> it does; gnomemeeting/H323 video calls do.  If that's generally true,
> then code like the above can trigger encryption per stream, *inside* the
> application(s).
>
> What might be some of the other issues?  There's a fair bit of work to
> implement SRTP, so I'd like to be convinced it's necessary.

There is a well documented GPL'd implementation of SRTP available from
http://srtp.sourceforge.net/srtp.html . Integration with Asterisk
shouldn't be hard; as usual, the hardest issue is key management.
Solutions based on a shared secret may work between mutually-authenticated
nodes; in other cases, a relatively simple way out is to use SIPS (SIP
over TLS) to pass a randomly-generated session key in cleartext, but
protected by the TLS layer. Unfortunately, I believe that, at this stage,
Asterisk doesn't support SIPS (and not even SIP over TCP).

Enzo
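
[Added example, not part of the original post and not Asterisk or libsrtp code.] A sketch of the key-passing idea described above: generate a random SRTP key, put it in the session description in cleartext, and only do so when the signalling runs over TLS. The `a=crypto` attribute syntax and the AES_CM_128_HMAC_SHA1_80 suite are assumptions taken from RFC 4568, which the post does not name; the function names and URIs are hypothetical.

```python
import base64
import secrets

# Assumption: AES_CM_128_HMAC_SHA1_80 as defined in RFC 4568, i.e. a 16-byte
# master key followed by a 14-byte master salt. The post names no suite.
SUITE = "AES_CM_128_HMAC_SHA1_80"
KEY_LEN, SALT_LEN = 16, 14


def signalling_is_protected(request_uri: str) -> bool:
    """True only for sips: URIs, i.e. SIP carried over TLS."""
    return request_uri.lower().startswith("sips:")


def build_crypto_line(request_uri: str, tag: int = 1) -> str:
    """Generate a fresh random SRTP key and return the SDP attribute for it.

    Refuses to emit the key when the signalling is not protected, because
    the key would otherwise cross the network readable by anyone on path.
    """
    if not signalling_is_protected(request_uri):
        raise ValueError("refusing to send SRTP key over non-TLS signalling")
    material = secrets.token_bytes(KEY_LEN + SALT_LEN)
    encoded = base64.b64encode(material).decode("ascii")
    return f"a=crypto:{tag} {SUITE} inline:{encoded}"


def parse_crypto_line(line: str) -> tuple:
    """Return (master_key, master_salt) from an a=crypto line, or raise."""
    prefix, _, rest = line.strip().partition(":")
    if prefix != "a=crypto":
        raise ValueError("not a crypto attribute")
    fields = rest.split()
    if len(fields) < 3 or not fields[0].isdigit():
        raise ValueError("malformed crypto attribute")
    if fields[1] != SUITE:
        raise ValueError("unsupported crypto suite")
    method, _, params = fields[2].partition(":")
    if method != "inline":
        raise ValueError("unsupported key method")
    # Optional lifetime and MKI parameters follow the key after '|'.
    blob = base64.b64decode(params.split("|")[0], validate=True)
    if len(blob) != KEY_LEN + SALT_LEN:
        raise ValueError("wrong key material length")
    return blob[:KEY_LEN], blob[KEY_LEN:]
```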


