Hello Bruce,<br><br><div class="gmail_quote">2012/6/22 Bruce B <span dir="ltr"><<a href="mailto:bruceb444@gmail.com" target="_blank">bruceb444@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks. Want to secure everything and anything possible. <div><br></div><div>1- Can both
SIP over TLS and SRTP work in conjunction to each other?</div></blockquote><div>yes, you even need them both. SRTP encrypts just the media (audio), but the encryption key for it has to be sent somehow. That's done using SIP, which therefore also needs to be secured. That's what you use TLS for. <br>
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>2- Is SIP over TLS a package or added on module that can be installed from Digium Asterisk repository?</div>
</blockquote><div> SRTP is natively included since asterisk 1.8, I think TLS also, but I am not sure.<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>3- SRTP takes care of the RTP and makes it secure so that MITM type sniffing is not possible?</div></blockquote><div>I leave this question to the real experts ;-) With only SRTP (no TLS) one can still sniff the encryption keys from the SIP messages. <br>
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><br></div><div>Regards,</div><div class="HOEnZb"><div class="h5"><div><br></div><div><br><br><div class="gmail_quote">On Fri, Jun 22, 2012 at 2:39 PM, Kevin P. Fleming <span dir="ltr"><<a href="mailto:kpfleming@digium.com" target="_blank">kpfleming@digium.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On 06/22/2012 12:56 PM, Bruce B wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Which one of these ensures that SIP packets are sent and received in a<br>
secure format so that users using public wifi don't allow MITM type of<br>
attacks or others can't read the plaintext SIP packet info. VPN is not<br>
an option. Looking for 2nd most secure to VPN.<br>
</blockquote>
<br></div>
SIP over TLS (what used to be called SSL) is what secures the SIP signaling. SRTP is for securing media streams.<span><font color="#888888"><br>
<br>
-- <br>
Kevin P. Fleming<br>
Digium, Inc. | Director of Software Technologies<br>
Jabber: <a href="mailto:kfleming@digium.com" target="_blank">kfleming@digium.com</a> | SIP: <a href="mailto:kpfleming@digium.com" target="_blank">kpfleming@digium.com</a> | Skype: kpfleming<br>
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA<br>
Check us out at <a href="http://www.digium.com" target="_blank">www.digium.com</a> & <a href="http://www.asterisk.org" target="_blank">www.asterisk.org</a></font></span><div><div><br>
<br>
<br>
<br>
--<br>
______________________________<u></u>______________________________<u></u>_________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/<u></u>mailman/listinfo/asterisk-<u></u>users</a><br>
</div></div></blockquote></div><br></div>
</div></div><br>--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></div><br>