Hey David! You should come by to this year's ClueCon! We still have some speaking slots left.
On Thu, May 7, 2009 at 11:08 AM, David Sugar <dy...@gnutelephony.org> wrote:

> SIP TLS will protect the SIP session information with static keys via a
> certificate, assuming of course the call is direct between two peers.
> It will do nothing for the actual voice channel.
>
> There is SRTP, which can be used to create a cryptographic context over
> RTP. However, the key question is how to exchange the keys. If they
> are exchanged in the SIP session, even TLS SIP, then there are
> certificates around, and it is possible to acquire a past rtp session
> that has been intercepted.
>
> ZRTP offers a solution for setting up SRTP cryptographic contexts using
> distributed and self generated keys (much like gnupg or ssh) that are
> exchanged between the peers over RTP itself, and validated through a
> fingerprint hash at both ends. It is of course essential to initially
> validate the keys in a secure network first, but once that is done, a
> man-in-the-middle in the key exchange process will then stick out like a
> sore thumb. Furthermore, since each call uses different per-session
> generated keys, there is no forward knowledge; breaking one call does
> not allow one to also decrypt all past calls.
>
> Paul wrote:
> > Yes, I've seen this http://wiki.freeswitch.org/wiki/SIP_TLS.
> >
> > I was just curious if the only way to have true end to end secure
> > communications with FS would have to be a SIP trunk from one FS system to
> > another encrypted SIP system on the other with no POTS/PRI/BRI circuits used
> > in transit. I'm assuming if there's any POTS/BRI/PRI/DSS circuits used in
> > transit, anyone with a lineman's handset could still eavesdrop on any
> > conversations. Is this not the case?
> >
> > Paul

--
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/

AIM: anthm
MSN:anthony_miness...@hotmail.com
GTALK/JABBER/PAYPAL:anthony.miness...@gmail.com
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:8...@conference.freeswitch.org
iax:gu...@conference.freeswitch.org/888
googletalk:conf+...@conference.freeswitch.org
pstn:213-799-1400
_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
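
The per-call key agreement and fingerprint check described in David Sugar's quoted reply, as an added example that is not part of the original thread and is not FreeSWITCH or ZRTP code. It is a simplified Diffie-Hellman model: the toy group, the labels fed to the hash and all function names are assumptions made for illustration, and it leaves out the rest of the real protocol.

```python
import hashlib
import secrets

# Toy group for illustration only: a real implementation uses a vetted,
# much larger Diffie-Hellman group or an elliptic curve.
P = 2**255 - 19  # a known prime, used here as a toy modulus
G = 2

def keypair():
    """Fresh (ephemeral) private/public pair, generated once per call."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session(priv, peer_pub):
    """Derive (media_key, fingerprint) from this call's shared secret."""
    shared = pow(peer_pub, priv, P).to_bytes(32, "big")
    key = hashlib.sha256(b"media-key" + shared).digest()
    # Short string each user reads out; both ends must see the same value.
    fingerprint = hashlib.sha256(b"fingerprint" + shared).hexdigest()[:4]
    return key, fingerprint

def call(intercepted=False):
    """Set up one call and return both endpoints' (media_key, fingerprint)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        # A middlebox replaces each side's public value with its own, so the
        # two endpoints no longer share a secret with each other.
        _, m_pub = keypair()
        return session(a_priv, m_pub), session(b_priv, m_pub)
    return session(a_priv, b_pub), session(b_priv, a_pub)

if __name__ == "__main__":
    for label, flag in (("clean call", False), ("intercepted call", True)):
        (_, fp_a), (_, fp_b) = call(flag)
        print(f"{label}: caller reads {fp_a}, callee reads {fp_b}")
```

Because every call draws new private values, the media key from one call says nothing about the keys of earlier calls, which is the "no forward knowledge" property mentioned in the quoted text.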