[Asterisk-Security] Opportunistic encryption
Duane
duane at e164.org
Sat Jul 22 16:45:40 MST 2006
Enzo Michelangeli wrote:
> For purely opportunistic encryption, it should't be too difficult: not to
> reinvent the wheel, I suspect that the best thing to do would be
> implementing ZRTP without authentication (which would remove the need for
> a GUI on the VoIP clients). By the way, I've found out that Werner
> Dittmann has implemented ZRTP in his Minisip
> (http://lists.minisip.org/pipermail/minisip-devel/2006-July/004463.html )
> the libraries of which are LGPL'd, so there shouldn't be any problem with
> Asterisk's dual-licensed status. (However, that implementation is in C++
> and
> I think it uses its own SRTP implementation).
ZRTP doesn't seem like the best solution to me in any situation where
you need to terminate the call without a person on the other end, for
example calling your voicemail, or connecting to a VSP/ITSP that
supports encrypted voice channels... (John Todd's email tried to point
out other situation, but he left out a few such as transcoding between
codecs etc)
Also there is a working SRTP branch out there and people seem to be
testing it, if you throw ZRTP into the mix how long before it would be
stable and be released as opposed to getting the SRTP branch added with
opportunistic encryption?
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
More information about the Asterisk-Security
mailing list