[Asterisk-Security] Opportunistic encryption
Duane
duane at e164.org
Sun Jul 23 22:40:55 MST 2006
Duane wrote:
> Enzo Michelangeli wrote:
>
>> Thanks. But how is a common session key established in this case? If
>> it is randomly generated and transmitted in cleartext in the SDP
>> content, as it appears from http://bugs.digium.com/view.php?id=5413
>> (use of "a=crypto .... inline:...."), then the method only makes sense
>> with SIP-over-TLS.
>
> Or use MIKEY (which is what Sipura uses?) for key exchange...
>
> http://www.faqs.org/rfcs/rfc3830.html
Hmmm, should have read a little further, there is a GPL lib, if this can
be used in Asterisk or not (more political than technical I'm guessing)
and use a DH key exchange would get us to the point of opportunistic
encryption, pre-shared secrets and PKI without needing TCP SIP support
as far as I can tell...
http://www.minisip.org/develop_build.html#libmikey
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
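
The concern raised in the quoted question, as an added example that is not part of the original thread or of Asterisk's code: a small audit function that finds `a=crypto ... inline:` keys in a SIP message's SDP body and reports whether the hop it was captured on used TLS. The INVITE, host names and key below are constructed sample data, and `audit_sip_message` and `build_invite` are hypothetical names.

```python
import base64
import re

# a=crypto:<tag> <suite> inline:<base64 key||salt>[|lifetime][|MKI:len]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([A-Za-z0-9+/=]+)", re.M)
# The topmost Via header names the transport of the hop the message was seen on.
VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", re.M | re.I)
# Constructed 30-byte master key and salt, not a real key.
SAMPLE_KEY = base64.b64encode(bytes(range(30))).decode()


def build_invite(transport: str, with_crypto: bool = True) -> str:
    """Build a constructed INVITE for the given Via transport (UDP, TCP, TLS)."""
    crypto = f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{SAMPLE_KEY}|2^20\r\n"
    return (
        "INVITE sip:bob@example.org SIP/2.0\r\n"
        f"Via: SIP/2.0/{transport} client.example.com;branch=z9hG4bKconstructed\r\n"
        "Content-Type: application/sdp\r\n"
        "\r\n"
        "v=0\r\n"
        "m=audio 49170 RTP/SAVP 0\r\n"
        + (crypto if with_crypto else "")
    )


def audit_sip_message(raw: str) -> dict:
    """Report SDP inline SRTP keys and whether this hop carried them over TLS."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    via = VIA_RE.search(head)
    transport = via.group(1).upper() if via else "UNKNOWN"
    keys = []
    for tag, suite, b64 in CRYPTO_RE.findall(body):
        try:
            size = len(base64.b64decode(b64, validate=True))
        except ValueError:  # malformed base64: still a key attribute, size unknown
            size = None
        keys.append({"tag": int(tag), "suite": suite, "key_salt_bytes": size})
    # A TLS Via only covers this hop; other hops need their own check.
    exposed = bool(keys) and transport != "TLS"
    return {"transport": transport, "keys": keys, "exposed": exposed}


if __name__ == "__main__":
    for t in ("UDP", "TLS"):
        print(t, audit_sip_message(build_invite(t)))
```
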