[Asterisk-Users] Grandstream, SIP encryption

John Todd jtodd at loligo.com
Tue Aug 19 00:09:25 MST 2003


At 6:10 PM -0400 8/18/03, Ian Blenke wrote:
>John Todd wrote:
>>
>>On the Grandstream 102 box that I have in front of me, there is a 
>>"feature list" on the side.  One of the features has grabbed my 
>>attention:
>>
>>" - optional voice encryption (model 102D)"
>>
>>Now, digging through Grandstream's site, I see that it's not 
>>offered quite yet.  However, sending mail to their standard 
>>"information" email address has resulted in no replies on any 
>>details.  Encryption is a topic that is near and dear to me, and 
>>I'm very interested in whatever anyone else knows about this 
>>vendor's implementation, and any possible toolkits or specs that 
>>might be relevant to efforts towards getting Asterisk to work with 
>>it once introduced.  SIP message and RTP payload encryption would 
>>be really, really useful for some of my clients who are at the end 
>>of cable modems and/or international links.  Currently, the fact 
>>that SIP and RTP are unencrypted is just a "fact of life", but 
>>almost everyone has asked about how to change that.  A great answer 
>>would be "IAX2 runs on that phone", but I am not hopeful for any 
>>such answer in the near term with only a few exceptions, so I will 
>>show interest in SIP encryption until such time as IAX2 is 
>>ubiquitous.
>
>IAX2 appears to permit the use of RSA encryption only for the 
>authentication stage - all other traffic is unencrypted, including 
>any voice streams.
>
>AFAIK, IPSEC appears to be the only way to interoperably handle this 
>appropriately at the moment (latency be damned).
>
>--
>- Ian C. Blenke <icblenke at nks.net>
>(This message bound by the following:
>http://www.nks.net/email_disclaimer.html)
>

Yes, as mentioned, IAX2 has encryption, but I'm not holding my breath 
for that to appear in four different UAs in the next year.

IPSEC requires (usually) a gateway device that has some smarts and 
does the encrypting for you.  I am looking for "true" end-to-end 
encryption at the protocol layer, not the transport/session layer. 
There are RFCs that exist for SIP and RTP encryption.  However, I am 
uncertain if Grandstream is using the RFC methods or...?

I know Grandstream used to monitor the list - is there a clue in the house?

JT
