[VOIPSEC] Key Negotiation for SRTP
rgm at icsalabs.com
Fri Aug 26 08:02:47 PDT 2005
At 02:41 AM 8/26/2005, Christian Stredicke wrote:
>The latest idea would look like this: Transfer the key in clear text via
>a secure protocol in the SDP.
>I think that is in line with Dan's proposal... At least one of the ways
>to do it. I like it. Simple & solves the problems.
Perhaps I am missing something here....
You are saying to pass a caller-to-callee session key via SIP. It
would be secure over the net, but known to the SIP server. Gee why
not have the SIP server generate a key and tell both parties to use that?
Again, am I missing something here? I can clearly see how this is
better than no security, but it is a false sense of security. The
uninformed user will see a security on option and not be aware of the
key leakage to all SIP servers in the call chain.
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
E: rgm at icsalabs.com
There's no limit to what can be accomplished if it doesn't matter who
gets the credit
More information about the Voipsec