[Asterisk-Users] Grandstream, SIP encryption
John Todd
jtodd at loligo.com
Tue Aug 19 00:09:25 MST 2003
At 6:10 PM -0400 8/18/03, Ian Blenke wrote:
>John Todd wrote:
>>
>>On the Granstream 102 box that I have in front of me, there is a
>>"feature list" on the side. One of the features has grabbed my
>>attention:
>>
>>" - optional voice encryption (model 102D)"
>>
>>Now, digging through Grandstream's site, I see that it's not
>>offered quite yet. However, sending mail to their standard
>>"information" email address has resulted in no replies on any
>>details. Encryption is a topic that is near and dear to me, and
>>I'm very interested in whatever anyone else knows about this
>>vendor's implementation, and any possible toolkits or specs that
>>might be relevant to efforts towards getting Asterisk to work with
>>it once introduced. SIP message and RTP payload encryption would
>>be really, really useful for some of my clients who are at the end
>>of cable modems and/or international links. Currently, the fact
>>that SIP and RTP are unencrypted is just a "fact of life", but
>>almost everyone has asked about how to change that. A great answer
>>would be "IAX2 runs on that phone", but I am not hopeful for any
>>such answer in the near term with only a few exceptions, so I will
>>show interest in SIP encryption until such time as IAX2 is
>>ubiquitous.
>
>IAX2 appears to permit the use of RSA encryption only for the
>authentication stage - all other traffic is unencrypted, including
>any voice streams.
>
>AFAIK, IPSEC appears to be the only way to interoperably handle this
>appropriately at the moment (latency be damned).
>
>--
>- Ian C. Blenke <icblenke at nks.net>
>(This message bound by the following:
>http://www.nks.net/email_disclaimer.html)
>
Yes, as mentioned, IAX2 has encryption, but I'm not holding my breath
for that to appear in four different UA's in the next year.
IPSEC requires (usually) a gateway device that has some smarts and
does the encrypting for you. I am looking for "true" end-to-end
encryption at the protocol layer, not the transport/session layer.
There are RFCs that exist for SIP and RTP encryption. However, I am
uncertain if Grandstream is using the RFC methods or...?
I know Grandstream used to monitor the list - is there a clue in the house?
JT
More information about the asterisk-users
mailing list