[VOIPSEC] SIP B2BUA and Digest Authentication using
s.horne at packetizer.com
Tue Nov 8 05:42:19 GMT 2005
At 11:34 AM 8/11/2005, Randell Jesup wrote:
>Simon Horne <s.horne at packetizer.com> writes:
> >At 02:43 PM 6/11/2005, Christopher A. Martin wrote:
> >>Question, for your product, has this introduced any of the items that
> >>people in the past have claimed would be a detriment? e.g, PKI would slow
> >>things down too much for people to accept the delays caused by it during
> >>call setup...
> >No not all, even to me this was initially surprising. Their is virtually no
> >noticeable delay in call setup (under 1 sec). The implementation from the
> >start was designed and effort put in to avoid delays. All key management is
> >handled multi threaded and quite separate from call processing. The TLSv1
> >negotiation is compressed into 2 messages, 1 in each direction and the
> >encryption engine uses assembler routines.to speed up
> >ciphering/deciphering. Also since the session encryption key (using
> >diffie-hellman) is negotiated prior to the caller answering, there is no
> >2-3 sec delay at the start of the call.
> Negotiating the DH key prior to call setup may lead to DoS
>vulnerabilities, at a random guess.
The DH half key is embedded in the first setup message. This is of course
may create a DoS volubility, the X.509 authentication mechanism is executed
prior to the DH so it does offer some protection, if the security policy
requires a X.509 cert and one is not present then the call is denied quite
early so the mechanism may actually improve DoS protection.
> 1 second (on what?) is good - except when users expect way less
>than 1 second delays. From what I've seen, 200-300ms would seem to be
>the upper bound for a hardphone given user's expectiations. It's a lot
>better than 2-3 seconds, of course.
The setup time is for full X.509 Authentication and D-H session key
negotiation. Unlike standard TLSv1 which requires several messages to
obtain SA (security association), we have compressed these into 2 messages,
1 in each direction, greatly reducing setup time.
The authentication/encryption setup time is very dependent on the hardware,
4-500ms is achievable with P4 3.2Ghz boxes . The exchange is done before
either party receives a ring notification, basically in the "connecting"
space. People have come to expect 1 to 2 sec from dialing a number to
receiving information that the remote phone is ringing. This is of course
quite different to answering the call where near instant connection is
More information about the Voipsec