Jeremy Jackson jerj at coplanar.net
Wed Aug 10 16:15:01 CDT 2005

[...]
> Does RTP use separate UDP ports per media stream? I'm inclined to think
> it does; gnomemeeting/H323 video calls do. If that's generally true,
> then code like the above can trigger encryption per stream, *inside* the
> application(s).
>
> What might be some of the other issues? There's a fair bit of work to
> implement SRTP, so I'd like to be convinced it's necessary.

There is a well documented GPL'd implementation of SRTP available from http://srtp.sourceforge.net/srtp.html . Integration with Asterisk shouldn't be hard; as usual, the hardest issue is key management. Solutions based on a shared secret may work between mutually-authenticated nodes; in other cases, a relatively simple way out is to use SIPS (SIP over TLS) to pass a randomly-generated session key in cleartext, but protected by the TLS layer. Unfortunately, I believe that, at this stage, Asterisk doesn't support SIPS (and not even SIP over TCP).

Enzo

_______________________________________________
Asterisk-Security mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-security
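
The key hand-off described in the reply above, as an added example that is not part of the original thread and is not code from Asterisk or the SRTP library: a random SRTP master key and salt are carried in cleartext in the session description, and the sender refuses to emit them unless signalling is SIPS. The `a=crypto` attribute format (RFC 4568) is an assumption, since the thread names no wire format; the function names and the `example.test` URIs in the test are hypothetical.

```python
import base64
import secrets

SUITE = "AES_CM_128_HMAC_SHA1_80"   # assumed suite; RFC 4568 crypto-suite name
KEY_LEN, SALT_LEN = 16, 14          # master key / master salt sizes for that suite


def make_crypto_offer(signalling_uri: str, tag: int = 1) -> str:
    """Return an SDP a=crypto line carrying a fresh SRTP master key and salt.

    The key travels in cleartext inside the SDP, so refuse to build the
    offer unless the signalling URI is sips: (SIP over TLS).
    """
    if not signalling_uri.lower().startswith("sips:"):
        raise ValueError("refusing to send SRTP key over non-TLS signalling")
    material = secrets.token_bytes(KEY_LEN + SALT_LEN)   # CSPRNG, never random.random()
    inline = base64.b64encode(material).decode("ascii")
    return f"a=crypto:{tag} {SUITE} inline:{inline}"


def parse_crypto_line(line: str) -> tuple:
    """Receiver side: validate the attribute and split it into (key, salt)."""
    prefix, _, rest = line.strip().partition(":")
    if prefix != "a=crypto":
        raise ValueError("not an a=crypto attribute")
    fields = rest.split()
    if len(fields) < 3 or not fields[0].isdigit():
        raise ValueError("malformed a=crypto attribute")
    if fields[1] != SUITE:
        raise ValueError(f"unsupported crypto suite {fields[1]!r}")
    method, _, params = fields[2].partition(":")
    if method != "inline":
        raise ValueError("only inline key parameters are handled")
    # Drop optional |lifetime|MKI suffixes; only the key||salt blob is needed here.
    blob = base64.b64decode(params.split("|")[0], validate=True)
    if len(blob) != KEY_LEN + SALT_LEN:
        raise ValueError("wrong key/salt length for suite")
    return blob[:KEY_LEN], blob[KEY_LEN:]
```

The confidentiality of the media then rests entirely on the TLS hop: every SIP proxy that terminates TLS on the path sees the key.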
