<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 10/29/2015 04:01 PM, Motty wrote:<br>
</div>
<blockquote cite="mid:56328946.3030702@gmail.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<br>
<div class="moz-cite-prefix">On 10/29/2015 01:11 PM, Jeff
LaCoursiere wrote:<br>
</div>
<blockquote cite="mid:56327D7A.9020005@jeff.net" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 10/28/2015 06:37 PM, Pete Mundy
wrote:<br>
</div>
<blockquote
cite="mid:263DE4ED-7DCA-4552-AA09-AB3D48C3D99C@fiberphone.co.nz"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div>Hi Motty,</div>
<div><br>
</div>
Isn't the whole point of the nonce in a SIP registration to
ensure the secret doesn't go on the wire in plain-text? Is
this not enough, or are you looking to hide the username too?
<div><br>
</div>
<div>(if so, fair 'nuf, just wondering why :)</div>
<div><br>
<div>Pete</div>
<div><br>
</div>
<div>Ps, if so then I think TLS is the missing part of your
equation.</div>
<div><br>
</div>
<div>
<div>
<div>On 29/10/2015, at 11:54 AM, Motty <<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:motty.cruz@gmail.com">motty.cruz@gmail.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">Hello,<br>
I am searching for a solution to encrypt
authentication from Asterisk server to clients.
Searching srtp seem to encrypt traffic, I just want
client authentication with encryption. Can someone
point to the right direction? has anybody used ZRTP?
experience with ZRTP?<br>
<br>
Thanks,<br>
_motty</blockquote>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
You want SIP over TLS. That encrypts the signalling. SRTP and
ZRTP encrypt the actual voice traffic.<br>
<br>
Cheers,<br>
<br>
j<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
Thanks Jeff, <br>
I don't want SIP over TLS. I would like to encrypt password only,
I suppose over TLS.<br>
<br>
Thanks, <br>
_motty</blockquote>
<br>
The password isn't sent - SIP auth involves a challenge/response
with hashing (digest authentication). If that's all you are
interested in, you are already there.<br>
<br>
Cheers,<br>
<br>
j<br>
<br>
</body>
</html>