[Asterisk-Security] adding a TCP support to Asterisk ....

Enzo Michelangeli enzomich at gmail.com
Sat Jul 15 07:17:43 MST 2006


Yes, it will be soon possible to secure SIP over UDP with DTLS. However, as
you say, its use with SIP is still at draft stage.

Then again, even SIP over TLS, which has been officialized four years ago by 
RFC 3261, still has very limited support by manufacturers :-(

Enzo

----- Original Message ----- 
From: "Marc Blanchet" <marc.blanchet at viagenie.ca>
Sent: Saturday, July 15, 2006 9:23 PM

> however, that statement (TCP gives TLS) is no longer true since TLS  over
> UDP (DTLS) is now defined (RFC4347) and sip using DTLS is in draft.
>
> Marc.
>
> Le 06-07-14 à 09:08, Enzo Michelangeli a écrit :
>
>> ----- Original Message ----- From: "Bret McDanel" <bret at mcdanel.com>
>> Sent: Friday, July 14, 2006 9:05 PM
>>
>>> On Fri, 2006-07-14 at 05:49 -0700, vivek relan wrote:
>>>> Hi everybody,
>>>>
>>>>                 If we add the TCP support to the Asterisk, will it
>>>> provide same voice quality and what will be the impact on delay,
>>>> security and performance ?
>>>>
>>>>                 Waiting for the suggestion !!!
>>>>
>>>
>>> If you have a dropped packet it will cause horrible delay until that
>>> packet is retransmitted.  Basically its not advisable for things that
>>> can tolerate some packet loss and require 'real time' processing.
>>
>> Well, TCP should be used as transport for the SIP signalling,  rather
>> than for the media data. The main advantage of using TCP is  that TLS
>> becomes immediately available as security layer ("sips"  URI's) so the
>> session key used to secure the media data with SRTP
>> (http://srtp.sourceforge.net/srtp.html ) can be easily transmitted  as
>> cleartext (encapsulated in TLS) rather than having to rely on  awkward
>> content encryption schemes such as S/MIME.
>>
>> Of course, this all applies to SIP sessions, not IAX2.
>>
>> Enzo
>>
>> _______________________________________________
>> --Bandwidth and Colocation provided by Easynews.com --
>>
>> Asterisk-Security mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-security
>
>
>
> =========
> IPv6 book: Migrating to IPv6, Wiley, 2006. http://www.ipv6book.ca
>
>
>
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> Asterisk-Security mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-security
>



More information about the Asterisk-Security mailing list