[VOIPSEC] Why a secure keyechange for media encryption?

Hadriel Kaplan HKaplan at acmepacket.com
Fri Apr 28 12:02:09 PDT 2006



> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Michael Prochaska
> Sent: Friday, April 28, 2006 1:49 PM
> To: Gupta, Sachin
> Cc: voipsec at voipsa.org
> Subject: Re: [VOIPSEC] Why a secure keyechange for media encryption?
> 
> i think the only acceptable way will be any form of a PKI.
> TLS is fine but without certificates it's vulnareable for MITM.

Define what you mean by MITM for that context.  A MITM between the two ends
of the TLS socket/connection?  Or just that a hop-by-hop SIP chain means
each hop is a MITM, or the chain could be broken somewhere?  

-hadriel





More information about the Voipsec mailing list