[VOIPSEC] Why a secure keyechange for media encryption?
Gupta, Sachin
s-gupta2 at ti.com
Fri Apr 28 12:13:18 CDT 2006
I am wondering how do you exchange the keys for encrypting the SDP
end-to-end. Most of the time you do not even have the location
information of the other end. How would key exchange work then?
One solution would be the pre-shared keys, which is not scalable.
Sachin
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Michael Prochaska
Sent: Friday, April 28, 2006 12:51 PM
To: Hadriel Kaplan
Cc: voipsec at voipsa.org
Subject: Re: [VOIPSEC] Why a secure keyechange for media encryption?
> If you don't trust the hop-by-hop signaling path to remain secure,
> don't use it - your signaling is almost as sensitive as your media -
> more for some, less for others.
that's the point in my eyes too. i would even say the signaling is more
sensitive than the media. the media may be sensitive sometimes but the
signaling IS sensitive everytime.
> Send signaling directly to the far-end, or use s/mime to encrypt the
> SDP (good luck with that).
is it problematic to encrypt the SDP with S/MIME in your mind?
regards,
michael
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list