<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 10/28/2015 06:37 PM, Pete Mundy
wrote:<br>
</div>
<blockquote
cite="mid:263DE4ED-7DCA-4552-AA09-AB3D48C3D99C@fiberphone.co.nz"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div>Hi Motty,</div>
<div><br>
</div>
Isn't the whole point of the nonce in a SIP registration to ensure
the secret doesn't go on the wire in plain-text? Is this not
enough, or are you looking to hide the username too?
<div><br>
</div>
<div>(if so, fair 'nuf, just wondering why :)</div>
<div><br>
<div>Pete</div>
<div><br>
</div>
<div>Ps, if so then I think TLS is the missing part of your
equation.</div>
<div><br>
</div>
<div>
<div>
<div>On 29/10/2015, at 11:54 AM, Motty <<a
moz-do-not-send="true"
href="mailto:motty.cruz@gmail.com">motty.cruz@gmail.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">Hello,<br>
I am searching for a solution to encrypt authentication
from Asterisk server to clients. Searching srtp seem to
encrypt traffic, I just want client authentication with
encryption. Can someone point to the right direction? has
anybody used ZRTP? experience with ZRTP?<br>
<br>
Thanks,<br>
_motty</blockquote>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
You want SIP over TLS. That encrypts the signalling. SRTP and ZRTP
encrypt the actual voice traffic.<br>
<br>
Cheers,<br>
<br>
j<br>
</body>
</html>