[Asterisk-Security] Opportunistic encryption
Duane
duane at e164.org
Tue Jul 18 13:46:18 MST 2006
John Todd wrote:
> While your request is rather broadly worded, here is a branch you might
> consider looking at or testing which uses SRTP for SIP:
Well, opportunistic encryption is along the lines of smtp-tls, where the
link is encrypted if it's possible. There can be restrictions placed on
such connections that they be signed by certain CAs etc., but for the most
part the benefit is being able to encrypt the connection if it's
possible without any prior knowledge of the other end.
> http://bugs.digium.com/view.php?id=5413
I'm aware of that bug, but I was discussing IAX encryption with a friend
this morning that's playing with it and he was griping about needing to
set an MD5 secret beforehand etc...
> I also understand that there has at least been some discussion with Phil
> Zimmermann about ZRTP inclusion into Asterisk, though I don't know who
> (if anyone) at Digium has been talking with him about it (though I've
> brought it up enough with him to start looking like a pest.)
I thought the purpose of zrtp was a wrapper/tunnel similar to the
concept of stunnel where the client can be unaware of the datalayer
being encrypted, and zrtp is simply wrapping srtp in a crypto tunnel
(with voice fingerprinting, although SSL model of limiting CAs and/or
SSL fingerprints could fulfil the same purpose).
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."