[asterisk-users] End-To-End Secured Communications

Kevin P. Fleming kpfleming at digium.com
Thu May 3 07:22:20 CDT 2012


On 05/03/2012 07:17 AM, Fernando Berretta wrote:
> Hi,
>
>
> I'm analyzing how to make Asterisk communications secured End-To-End,
> and not sure which is the best approach, SRTP + TLS seems to be secured
> but.. at least by default, doesn't appear to be End-To-End allowing
> Asterisk administrators to wiretap communications.. some sites I've heard
> that with SRTP is also possible End Points exchange keys between them
> directly avoiding Man in the Middle, is it possible with asterisk ? how
>
> On the other hand I've found ZRTP seems to be secured end-to-end, but we
> couldn't find any IP phones with support for it.. just SoftPhones
>
> Could someone please point me to the right direction ?

This is a fundamental architectural issue with all back-to-back User 
Agents used in SIP networks. They are pretty much by definition a 'man 
in the middle'. If they are used, the administrators will have access to 
call signaling and media for all calls passing through them.

It is also important to realize that if you want end-to-end media 
security, then you would not be able to use any of Asterisk's features 
that involve media handling (transcoding, recording, whispering/spying, 
music-on-hold, conferencing, etc.) Given that, what you really want is a 
pure SIP proxy like Kamailio or OpenSIPS.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
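
An added example, not part of the message above: a Python check that reads an SDP body and reports, per media stream, which SRTP keying method is offered and what that method exposes to SIP elements sitting between the endpoints. The SDP bodies and all key, hash and fingerprint values are constructed placeholders; the attribute names are those of SDES (`a=crypto`), DTLS-SRTP (`a=fingerprint`) and ZRTP (`a=zrtp-hash`).

```python
import re

# Constructed SDP bodies (not from the thread); keys, hashes and fingerprints are placeholders.
SDES = ("v=0\r\nm=audio 40000 RTP/SAVP 0\r\n"
        "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER-KEY\r\n")
DTLS = ("v=0\r\na=fingerprint:sha-256 PLACEHOLDER-FINGERPRINT\r\n"
        "m=audio 40002 UDP/TLS/RTP/SAVP 0\r\nm=video 40004 UDP/TLS/RTP/SAVP 96\r\n")
ZRTP = "v=0\r\nm=audio 40006 RTP/AVP 0\r\na=zrtp-hash:1.10 PLACEHOLDER-HASH\r\n"
PLAIN = "v=0\r\nm=audio 40008 RTP/AVP 0\r\n"

# What each keying method exposes to SIP elements between the two phones.
EXPOSURE = {
    "sdes": "master key is inline in the SDP; TLS protects it per hop only, "
            "so every proxy or B2BUA that handles the body can read it",
    "dtls-srtp": "key is negotiated on the media path; end-to-end only if no "
                 "intermediary terminates media or rewrites the fingerprint",
    "zrtp": "key is agreed on the media path; the endpoints detect a man in "
            "the middle by comparing the short authentication string",
    "none": "no SRTP keying offered; media is plain RTP",
}

def classify(attrs):
    """Pick the keying label for one stream; SDES wins because it exposes the most."""
    for name, label in (("crypto", "sdes"), ("zrtp-hash", "zrtp"),
                        ("fingerprint", "dtls-srtp")):
        if name in attrs:
            return label
    return "none"

def keying_per_stream(sdp):
    """Return [(media type, keying label)] for each m= section of an SDP body."""
    session, streams = set(), []
    for line in sdp.splitlines():
        if line.startswith("m="):
            # Session-level attributes (seen before the first m=) apply to every stream.
            streams.append((line[2:].split()[0], set(session)))
            continue
        hit = re.match(r"a=(crypto|fingerprint|zrtp-hash):", line)
        if hit:
            (streams[-1][1] if streams else session).add(hit.group(1))
    return [(media, classify(attrs)) for media, attrs in streams]

if __name__ == "__main__":
    for sdp in (SDES, DTLS, ZRTP, PLAIN):
        for media, keying in keying_per_stream(sdp):
            print(f"{media}: {keying} -> {EXPOSURE[keying]}")
```
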


