[VOIPSEC] Why a secure keyechange for media encryption?
Michael Prochaska
tm021090 at fh-stpoelten.ac.at
Fri Apr 28 12:49:09 CDT 2006
Gupta, Sachin wrote:
> I am wondering how do you exchange the keys for encrypting the SDP
> end-to-end. Most of the time you do not even have the location
> information of the other end. How would key exchange work then?
> One solution would be the pre-shared keys, which is not scalable.
that is the main focus of my thesis :-) .... the key exchange problem
i think the only acceptable way will be any form of a PKI.
TLS is fine but without certificates it's vulnerable to MITM.
in my mind there must be PKI clouds (providers, big companies - cross
certification) to assure real secure communication.
i have interpreted the "good luck with that" as general problems with
S/MIME in connection with SIP.
regards,
michael
> Sachin
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Michael Prochaska
> Sent: Friday, April 28, 2006 12:51 PM
> To: Hadriel Kaplan
> Cc: voipsec at voipsa.org
> Subject: Re: [VOIPSEC] Why a secure keyechange for media encryption?
>
>
>>If you don't trust the hop-by-hop signaling path to remain secure,
>>don't use it - your signaling is almost as sensitive as your media -
>>more for some, less for others.
>
>
> that's the point in my eyes too. i would even say the signaling is more
> sensitive than the media. the media may be sensitive sometimes but the
> signaling IS sensitive every time.
>
>
>>Send signaling directly to the far-end, or use s/mime to encrypt the
>>SDP (good luck with that).
>
>
> is it problematic to encrypt the SDP with S/MIME in your mind?
>
> regards,
> michael