Olle E. Johansson wrote:
Jeremy Jackson wrote:
I've been playing with racooon/Linux IPSEC, and it seems quite simple to
enable security on a per-socket basis:
policy = "in ipsec esp/transport//require";
buf = ipsec_set_policy(policy, strlen(policy));
setsockopt(so, level, IP_IPSEC_POLICY, buf,ipsec_get_policylen(buf))
I see there is also work being done on SRTP. It seems like SRTP would
duplicate efforts, but maybe there are performance reasons that SRTP
would be better?
Comments?
SRTP can be setup on a per-call basis.
This may be my inexperience with per-socket IPSEC policy, but I believe
that translates to being on a per-call basis as well.
--
Jeremy Jackson
Coplanar Networks
W: (519)489-4903
C: (519)897-1516
http://www.coplanar.net
_______________________________________________
Asterisk-Security mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-security
