<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Thanks Jeff, just to confirm, password are not sent in plain text? I
    want to safeguard against man in the middle attacks, sniffing
    traffic of clients. <br>
    <br>
    Thanks, <br>
    _motty<br>
    <br>
    <div class="moz-cite-prefix">On 10/30/2015 07:37 AM, Jeff
      LaCoursiere wrote:<br>
    </div>
    <blockquote cite="mid:563380BE.9000406@jeff.net" type="cite">
      <meta content="text/html; charset=windows-1252"
        http-equiv="Content-Type">
      <div class="moz-cite-prefix">On 10/29/2015 04:01 PM, Motty wrote:<br>
      </div>
      <blockquote cite="mid:56328946.3030702@gmail.com" type="cite">
        <meta content="text/html; charset=windows-1252"
          http-equiv="Content-Type">
        <br>
        <br>
        <div class="moz-cite-prefix">On 10/29/2015 01:11 PM, Jeff
          LaCoursiere wrote:<br>
        </div>
        <blockquote cite="mid:56327D7A.9020005@jeff.net" type="cite">
          <meta content="text/html; charset=windows-1252"
            http-equiv="Content-Type">
          <div class="moz-cite-prefix">On 10/28/2015 06:37 PM, Pete
            Mundy wrote:<br>
          </div>
          <blockquote
            cite="mid:263DE4ED-7DCA-4552-AA09-AB3D48C3D99C@fiberphone.co.nz"
            type="cite">
            <meta http-equiv="Content-Type" content="text/html;
              charset=windows-1252">
            <div>Hi Motty,</div>
            <div><br>
            </div>
            Isn't the whole point of the nonce in a SIP registration to
            ensure the secret doesn't go on the wire in plain-text? Is
            this not enough, or are you looking to hide the username
            too?
            <div><br>
            </div>
            <div>(if so, fair 'nuf, just wondering why :)</div>
            <div><br>
              <div>Pete</div>
              <div><br>
              </div>
              <div>Ps, if so then I think TLS is the missing part of
                your equation.</div>
              <div><br>
              </div>
              <div>
                <div>
                  <div>On 29/10/2015, at 11:54 AM, Motty <<a
                      moz-do-not-send="true"
                      class="moz-txt-link-abbreviated"
                      href="mailto:motty.cruz@gmail.com"><a class="moz-txt-link-abbreviated" href="mailto:motty.cruz@gmail.com">motty.cruz@gmail.com</a></a>>



                    wrote:</div>
                  <br class="Apple-interchange-newline">
                  <blockquote type="cite">Hello,<br>
                    I am searching for a solution to encrypt
                    authentication from Asterisk server to clients.
                    Searching srtp seem to encrypt traffic, I just want
                    client authentication with encryption. Can someone
                    point to the right direction? has anybody used ZRTP?
                    experience with ZRTP?<br>
                    <br>
                    Thanks,<br>
                    _motty</blockquote>
                </div>
              </div>
            </div>
            <br>
            <fieldset class="mimeAttachmentHeader"></fieldset>
            <br>
          </blockquote>
          <br>
          You want SIP over TLS.  That encrypts the signalling.  SRTP
          and ZRTP encrypt the actual voice traffic.<br>
          <br>
          Cheers,<br>
          <br>
          j<br>
          <br>
          <fieldset class="mimeAttachmentHeader"></fieldset>
          <br>
        </blockquote>
        <br>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        Thanks Jeff, <br>
        I don't want SIP over TLS. I would like to encrypt password
        only, I suppose over TLS.<br>
        <br>
        Thanks, <br>
        _motty</blockquote>
      <br>
      The password isn't sent - SIP auth involves a challenge/response
      with hashing (digest authentication).  If that's all you are
      interested in, you are already there.<br>
      <br>
      Cheers,<br>
      <br>
      j<br>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
    </blockquote>
    <br>
  </body>
</html>