[Asterisk-Users] Grandstream, SIP encryption

Michael Sandee ms at zeelandnet.nl
Tue Aug 19 00:43:47 MST 2003


Hi JT,

There is an Open Source project on SF called SRTP (a Cisco-sponsored 
protocol) at http://srtp.sourceforge.net/
Although it is nice that it exists, personally I don't think it offers 
much. I haven't looked at it, but my guess is it only supports voice 
encryption.

On the IAX2 part, I have been working for some weeks on integrating full 
encryption, control/command, voice AND video. Making documentation and 
working through the IAX2 code, making proof of concept code, etc. 
Although it is very much work in progress, and it requires in-depth 
knowledge on all the little thingies IAX2 supports.

So... No, IAX2 doesn't support encryption yet; on a LAN it would usually 
be only trivial to take over someone's call or record it, even with RSA 
authentication challenges.

What is the problem with implementing encryption? You need knowledge on 
both IAX2 and Crypto, you would like backwards compatibility. However it 
is not likely that this can be done in the current IAX2 without making 
it prone to errors, or have a 'lot' of overhead (meta frames).

My $0.02 :)

Michael Sandee


John Todd wrote:

> At 6:10 PM -0400 8/18/03, Ian Blenke wrote:
>
>> John Todd wrote:
>>
>>>
>>> On the Grandstream 102 box that I have in front of me, there is a 
>>> "feature list" on the side.  One of the features has grabbed my 
>>> attention:
>>>
>>> " - optional voice encryption (model 102D)"
>>>
>>> Now, digging through Grandstream's site, I see that it's not offered 
>>> quite yet.  However, sending mail to their standard "information" 
>>> email address has resulted in no replies on any details.  Encryption 
>>> is a topic that is near and dear to me, and I'm very interested in 
>>> whatever anyone else knows about this vendor's implementation, and 
>>> any possible toolkits or specs that might be relevant to efforts 
>>> towards getting Asterisk to work with it once introduced.  SIP 
>>> message and RTP payload encryption would be really, really useful 
>>> for some of my clients who are at the end of cable modems and/or 
>>> international links.  Currently, the fact that SIP and RTP are 
>>> unencrypted is just a "fact of life", but almost everyone has asked 
>>> about how to change that.  A great answer would be "IAX2 runs on 
>>> that phone", but I am not hopeful for any such answer in the near 
>>> term with only a few exceptions, so I will show interest in SIP 
>>> encryption until such time as IAX2 is ubiquitous.
>>
>>
>> IAX2 appears to permit the use of RSA encryption only for the 
>> authentication stage - all other traffic is unencrypted, including 
>> any voice streams.
>>
>> AFAIK, IPSEC appears to be the only way to interoperably handle this 
>> appropriately at the moment (latency be damned).
>>
>> -- 
>> - Ian C. Blenke <icblenke at nks.net>
>> (This message bound by the following:
>> http://www.nks.net/email_disclaimer.html)
>>
>
> Yes, as mentioned, IAX2 has encryption, but I'm not holding my breath 
> for that to appear in four different UA's in the next year.
>
> IPSEC requires (usually) a gateway device that has some smarts and 
> does the encrypting for you.  I am looking for "true" end-to-end 
> encryption at the protocol layer, not the transport/session layer. 
> There are RFCs that exist for SIP and RTP encryption.  However, I am 
> uncertain if Grandstream is using the RFC methods or...?
>
> I know Grandstream used to monitor the list - is there a clue in the 
> house?
>
> JT