[VOIPSEC] Secure Real-time Transport Protocol (SRTP)

Simon Horne security at isvo.net
Thu Mar 24 01:45:08 CST 2005


At 09:41 AM 24/03/2005, Brian Raymond wrote:
>I had a couple of comments for the thread.
>
>Avaya has always supported H.235 for security on H.323 calls so I would
>imagine they are still doing the same now. I'm not sure however which
>profile they are working with these days. There are a number of security
>profiles (Annexes) specifying different algorithms for encryption and key
>management. Related to MIKEY is H.235 Annex G, which is MIKEY and SRTP for
>transport. Signaling of H.225 is generally encrypted via TLS or IPSEC, at
>least what I've seen. Key exchange for media is over H.245; however, the
>method is specific to the profile.

H.225 RAS encryption is now covered by H.235 Annex H.

I've successfully implemented TLS over standard RTP by using the H.235 Annex E 
(PKI) 2-pass cryptoToken methodology (H235v3 fig4a) on both H.245 and more 
recently on H.225 (so it can double as a Caller Authentication mechanism). 
Once an SA is achieved, the payload of the RTP can be intercepted and 
encrypted/decrypted (H235v3 chpt11); if no SA is achieved then the call 
progresses as standard RTP, i.e. 100% interoperability.

If you are doing the key exchange "out of band" (separate channel) why do 
you need SRTP? It might sound like a silly question because it is. It is 
possible to leverage the existing RTP and obtain interoperability with your 
existing infrastructure.

The sluggish demand and slower uptake of SRTP are going to make it much 
more difficult to implement on a large scale. The nastier (interop) RTP 
hack may present itself as the way forward. Just a thought.

Simon
   




