On 22 Jun 2012, at 21:59, Bruce B wrote:

> Thanks. Want to secure everything and anything possible. 
> 
> 1- Can both SIP over TLS and SRTP work in conjunction with each other?
Yes. As Kevin said, SIP over TLS only secures the signalling. And it secures it hop-by-hop so every server in the middle can access the content. The signalling should be hidden from other Wifi users, even if it's not hidden all the way between caller and callee. In the signalling you specify how to exchange the actual media. To have secure signalling with TLS doesn't necessarily mean that the media (audio/video/text) is secured. The media is secured with Secure RTP or SRTP, which means that every audio packet is encrypted.

> 2- Is SIP over TLS a package or add-on module that can be installed from Digium Asterisk repository?
It's part of the current Asterisk SIP stack, but still marked as experimental as it has a number of known issues that need to be fixed in order to put this in production use in larger sites and networks. You will have to test it to make sure it works for you.

"Experimental" status means that the configuration options may change in a coming release without being backwards compatible. The TLS part has been experimental in many releases without anyone putting any funding towards fixing it. I guess serious use of TLS is done not with Asterisk but with a SIP proxy like Kamailio or OpenSIPS in front of Asterisk.

> 3- SRTP takes care of the RTP and makes it secure so that MITM type sniffing 
> is not possible?
Yes, provided that the media encryption key exchange is secured. Today, the key exchange is done in SIP messaging, which is why you also want SIP over TLS.

Regards,
/Olle
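
The point made in the reply above (SRTP only helps if the SIP message carrying its key is itself protected) can be checked per message. The following is an added example, not part of the original thread and not Asterisk code: it audits an INVITE for signalling transport, media profile and exposed SDES keys. The function names, addresses and key string are constructed for illustration.

```python
# Added example: audit a SIP INVITE for the two layers discussed in this thread.
# All messages below are constructed samples, not captured traffic.

def audit_invite(raw: str) -> list[str]:
    """Return findings about signalling transport and media protection."""
    head, _, sdp = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    # The top-most Via names the transport of the hop that delivered this
    # message. TLS is hop-by-hop, so this says nothing about earlier hops.
    via = next(l for l in lines[1:] if l.lower().startswith(("via:", "v:")))
    transport = via.split(":", 1)[1].split()[0].split("/")[-1].upper()
    signalling_tls = transport == "TLS"
    findings = []
    if not signalling_tls:
        findings.append(f"signalling in cleartext over {transport}")
    profile, has_key = None, False
    for line in sdp.split("\n"):
        if line.startswith("m=audio"):
            # m=<media> <port> <proto> <fmt ...>; RTP/SAVP means SRTP.
            profile = line.split()[2]
        elif line.startswith("a=crypto:") and "inline:" in line:
            has_key = True  # SDES: the SRTP master key travels in the SDP body
    if profile == "RTP/AVP":
        findings.append("media is plain RTP (no SRTP offered)")
    if has_key and not signalling_tls:
        findings.append("SRTP key exposed in cleartext SDP")
    return findings

def make_invite(transport: str, sdp_media: str) -> str:
    """Build a minimal constructed INVITE for the audit above."""
    return ("INVITE sip:bob@example.com SIP/2.0\r\n"
            f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bKconstructed\r\n"
            "Content-Type: application/sdp\r\n"
            "\r\n"
            "v=0\r\n" + sdp_media)

PLAIN = "m=audio 4000 RTP/AVP 0\r\n"
SRTP = ("m=audio 4000 RTP/SAVP 0\r\n"
        "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-PLACEHOLDER\r\n")

if __name__ == "__main__":
    for transport in ("UDP", "TLS"):
        for name, media in (("RTP", PLAIN), ("SRTP", SRTP)):
            result = audit_invite(make_invite(transport, media))
            print(f"{transport:3} + {name:4}: {result or 'no findings'}")
```
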
> 
> Regards,
> 
> 
> 
> On Fri, Jun 22, 2012 at 2:39 PM, Kevin P. Fleming <kpflem...@digium.com> wrote:
> > On 06/22/2012 12:56 PM, Bruce B wrote:
> > 
> > > Which one of these ensures that SIP packets are sent and received in a
> > > secure format so that users using public wifi don't allow MITM type of
> > > attacks or others can't read the plaintext SIP packet info. VPN is not
> > > an option. Looking for 2nd most secure to VPN.
> > 
> > SIP over TLS (what used to be called SSL) is what secures the SIP signaling. 
> > SRTP is for securing media streams.
> > 
> > -- 
> > Kevin P. Fleming
> > Digium, Inc. | Director of Software Technologies
> > Jabber: kflem...@digium.com | SIP: kpflem...@digium.com | Skype: kpfleming
> > 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> > Check us out at www.digium.com & www.asterisk.org
> 
> 
> 
> 
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>              http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>  http://lists.digium.com/mailman/listinfo/asterisk-users
> 


