[Asterisk-Security] Opportunistic encryption

Bret McDanel bret at mcdanel.com
Tue Jul 18 14:22:41 MST 2006


On Tue, 2006-07-18 at 13:36 -0700, John Todd wrote:

> I also understand that there has at least been some discussion with 
> Phil Zimmermann about ZRTP inclusion into Asterisk, though I don't 
> know who (if anyone) at Digium has been talking with him about it 
> (though I've brought it up enough with him to start looking like a 
> pest.)

As I understand the Zphone protocol, which may be wrong, it's based off
his speech at etel, so I really haven't looked at tech docs, but ... it
seems that it's end-to-end encryption which uses normal SIP devices
connected to a proxy running on a local system which then connects to
another similar proxy (directly or indirectly).  This means that
Asterisk can only do pass-through, as such it shouldn't be that difficult
to implement it.

I may be wrong about my interpretation of this, however the hash that is
displayed would suggest that this is true (along with Phil's comments
about using a normal SIP device).

He implied but didn't actually state that pretty much anything that
bridges the two channels without transcoding will work - of course this
means that whatever payload that is used has to be supported (i.e. not
rejected, which may be listed as a totally different codec) and that it's
standard RTP otherwise.

Of course this does nothing for the signalling layer, but it's a good
start.

My interpretations may be wrong, and I would appreciate someone who
knows correcting me if they are, as stated previously I really didn't
read anything, just let my imagination run away during his speech trying
to visualize how it worked, and granted he only had 10 minutes or
whatever to talk about it.




