At 3:05 PM +0800 on 8/22/05, Enzo Michelangeli wrote:
Jeremy Jackson jerj at coplanar.net
Wed Aug 10 16:15:01 CDT 2005
[...]
Does RTP use separate UDP ports per media stream? I'm inclined to think
it does; gnomemeeting/H323 video calls do. If that's generally true,
than code like the above can trigger encryption per stream, *inside* the
applicantion(s).
What might be some of the other issues? There's a fair bit of work to
implement SRTP, so I'd like to be convinced it's necessary.
There is a well documented GPL'd implementation of SRTP available from
http://srtp.sourceforge.net/srtp.html . Integration with Asterisk
shouldn't be hard; as usual, the hardest issue is key management.
Solutions based on a shared secret may work between mutually-authenticated
nodes; in other cases, a relatively simple way out is to use SIPS (SIP
over TLS) to pass a randomly-generated session key in cleartext, but
protected by the TLS layer. Unfortunately, I believe that, at this stage,
Asterisk doesn't support SIPS (and not even SIP over TCP).
Enzo
I've seen this also, and it looks like a very promising start. As
you indicate, key management is an issue, but I think that will get
sorted out in time.
I disagree that key management is the "hardest" issue. I think the
hardest issue is that this version of SRTP is GPL, which makes it
difficult to integrate into Asterisk.
JT
_______________________________________________
Asterisk-Security mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-security
