Duane wrote:
Enzo Michelangeli wrote:
Thanks. But how is a common session key established in this case? If
it is randomly generated and transmitted in cleartext in the SDP
content, as it appears from http://bugs.digium.com/view.php?id=5413
(use of "a=crypto .... inline:....), then the method only makes sense
with SIP-over-TLS.
Or use MIKEY (which is what sipura uses?) for key exchange...
http://www.faqs.org/rfcs/rfc3830.html
Hmmm should have read a little further, there is a GPL lib, if this can
be used in asterisk or not (more political then technical I'm guessing)
and use a DH key exchange would get us to the point of opportunistic
encryption, pre-shared secrets and PKI without needing TCP SIP support
as far as I can tell...
http://www.minisip.org/develop_build.html#libmikey
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --
Asterisk-Security mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-security
