[VOIPSEC] SIP B2BUA and Digest Authentication using
Simon Horne
s.horne at packetizer.com
Sun Nov 6 20:29:50 CST 2005
Satyam,

The X.509 certs are issued by a trusted third party to each client and are
used mainly for caller authentication (identify that the calling parties are
who they say they are) and are identical for each line.

The session key, for encryption, is negotiated between the two call parties
directly and is unique for each line using Diffie-Hellman methodology, with the
first leg EP1 -> EP2 being sent in the clear and the return EP2 -> EP1
being encrypted with EP1's public key (embedded in EP1's cert from the
first leg) to thwart MiTM attacks.

Simon

At 11:54 PM 6/11/2005, satyam tyagi wrote:
> > Also since the session encryption key (using
> > diffie-hellman) is negotiated prior to the caller answering, there is no
> > 2-3 sec delay at the start of the call.
>
>Hi Simon,
>
>One question here, (I am also not that much familiar with H.323). But how
>does the early negotiation work in case of shared line. (Multiple
>phones/contacts having same DN/AOR)
>
>Are multiple keys negotiated for each possible session, based on where the
>call is answered? Or is there a simpler solution?
>
>Thanks,
>
>Satyam
Simon Horne
Director
Packetizer Labs
www.packetizer.com/labs
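
The two-leg exchange described in the reply above, as an added example that is not part of the original message and is not Packetizer's code. It is a simplified model: the toy DH group, the fixed RSA primes, unpadded RSA and every function name are assumptions made for illustration.

```python
# Simplified model of the two-leg negotiation. All parameters are constructed
# toy values (assumptions), far too small and too simple for real use.
P = 2**61 - 1                      # DH modulus (a Mersenne prime)
G = 3                              # DH base
E = 65537                          # RSA public exponent

def ep1_cert_key():
    """EP1's RSA key pair; the public half stands in for the key in its cert."""
    p, q = 2**127 - 1, 2**107 - 1  # fixed known primes, illustration only
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def first_leg(a):
    """EP1 -> EP2, in the clear: EP1's DH public value (sent with its cert)."""
    return pow(G, a, P)

def return_leg(b, ep1_pub):
    """EP2 -> EP1: EP2's DH public value under EP1's cert key (textbook RSA)."""
    n, e = ep1_pub
    return pow(pow(G, b, P), e, n)

def ep1_session_key(a, wire, ep1_priv):
    n, d = ep1_priv
    return pow(pow(wire, d, n), a, P)   # decrypt g^b, then (g^b)^a

def ep2_session_key(b, received):
    return pow(received, b, P)          # (first-leg value as received)^b

def negotiate(a, b, substituted=None):
    """Run one negotiation with secret exponents a (EP1) and b (EP2).
    `substituted` models an on-path party replacing the clear first-leg
    value with g^substituted. Returns (EP1 key, EP2 key, return-leg value
    on the wire, EP2's plain DH value)."""
    pub, priv = ep1_cert_key()
    sent = first_leg(a)
    received = sent if substituted is None else pow(G, substituted, P)
    wire = return_leg(b, pub)
    return (ep1_session_key(a, wire, priv), ep2_session_key(b, received),
            wire, pow(G, b, P))

if __name__ == "__main__":
    k1, k2, wire, gb = negotiate(a=5, b=11)
    print("honest run, keys match:", k1 == k2, "| g^b visible on wire:", wire == gb)
    k1, k2, _, _ = negotiate(a=5, b=11, substituted=7)
    print("first leg altered, keys match:", k1 == k2)
```

In this model, altering the clear first leg leaves the two endpoints with different keys, and EP2's DH value never appears on the wire unencrypted.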