On 11 maj 2010, at 20.27, M. Ranganathan wrote: > On Tue, May 11, 2010 at 2:02 PM, Staffan Kerker <[email protected]> wrote: >> Hi >> >> I just noticed that sipXbridge seems to remove the crytpo-attributes in SDP >> if a call setup with SRTP information >> is recieved. The RTP/SAVP profile is still there, but the crypto attributes >> are gone... > > > Since sipxbridge/sipxrelay always relays media and SRTP works end to > end, crypto attributes must be stripped; otherwise, the relay will be > detected as a man in the middle attack and the call would be dropped. > We have not implemented SRTP in sipXrelay and AFIK there are no plans > to do so at present as NO ITSP supports it. > > Ranga
Yes, I see the problem, missed the e2e issue. Anyway, since sipXbridge strips the a=crypto attributes but keeps the RTP/SAVP profile the call fails. This means that the SIP clients must be configured differently depending on whether they use sipXbridge (no SRTP) or sipXproxy (SRTP) to route the call. AFAIK, using RTP/SAVP makes it required to use SRTP, and required might not be a good idea. That wouldn't work anyway towards the ITSP since they don't support it, but a normal RTP/AVP with stripped crypto headers would since it would fallback to unencrypted RTP and still connect the call? So, I guess the Bria client is a bit too binary in it's SRTP settings (Off or Require) using the RTP/SAVP profile? /Staffan -- Staffan Kerker mail/sip/xmpp: [email protected] "There is absolutely no money above the 5th fret..." /Donald "Duck" Dunn _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
