[Asterisk-Security] Opportunistic encryption
Duane
duane at e164.org
Sun Jul 23 22:34:04 MST 2006
Enzo Michelangeli wrote:
> Thanks. But how is a common session key established in this case? If it
> is randomly generated and transmitted in cleartext in the SDP content,
> as it appears from http://bugs.digium.com/view.php?id=5413 (use of
> "a=crypto .... inline:....), then the method only makes sense with
> SIP-over-TLS.
Or use MIKEY (which is what sipura uses?) for key exchange...
http://www.faqs.org/rfcs/rfc3830.html
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
More information about the Asterisk-Security
mailing list