[Asterisk-Users] Grandstream, SIP encryption

[Ian Blenke]

John Todd wrote:
> 
> On the Granstream 102 box that I have in front of me, there is a 
> "feature list" on the side.  One of the features has grabbed my attention:
> 
> " - optional voice encryption (model 102D)"
> 
> Now, digging through Grandstream's site, I see that it's not offered 
> quite yet.  However, sending mail to their standard "information" email 
> address has resulted in no replies on any details.  Encryption is a 
> topic that is near and dear to me, and I'm very interested in whatever 
> anyone else knows about this vendor's implementation, and any possible 
> toolkits or specs that might be relevant to efforts towards getting 
> Asterisk to work with it once introduced.  SIP message and RTP payload 
> encryption would be really, really useful for some of my clients who are 
> at the end of cable modems and/or international links.  Currently, the 
> fact that SIP and RTP are unencrypted is just a "fact of life", but 
> almost everyone has asked about how to change that.  A great answer 
> would be "IAX2 runs on that phone", but I am not hopeful for any such 
> answer in the near term with only a few exceptions, so I will show 
> interest in SIP encryption until such time as IAX2 is ubiquitous.

IAX2 appears to permit the use of  RSA encryption only for the 
authentication stage - all other traffic is unencrypted, including any 
voice streams.

AFAIK, IPSEC appears to be the only way to interoperably handle this 
appropriately at the moment (latency be damned).

-- 
- Ian C. Blenke <icblenke at nks.net>
(This message bound by the following:
http://www.nks.net/email_disclaimer.html)