[VOIPSEC] ipsec vs. tls/srtp ?
Irwin Lazar
ilazar at burtongroup.com
Wed Feb 22 15:30:39 CST 2006
Dan and others,
Can you separate out the signaling encryption from the media encryption?
That is, can one typically use SRTP for encrypting the actual voice stream
without encrypting the signaling stream?
The reason I ask this is my assumption is that if the signaling stream is
encrypted, VoIP-aware firewalls are no longer viable since the FW can't see
inside the signaling session to know which ports to open for the media
session.
Thoughts?
Irwin
--
Irwin Lazar, CISSP
Senior Analyst, Burton Group
ilazar at burtongroup.com
Phone: 703-742-9659
AIM/Gizmo/Google/MSN/Skype/Yahoo: imlazar
SightSpeed: ilazar at burtongroup.com
> From: <dan_york at Mitel.com>
> Date: Wed, 22 Feb 2006 14:01:53 -0500
> To: Jin Wang <jin_x_wang at yahoo.com>
> Cc: <Voipsec at voipsa.org>
> Subject: Re: [VOIPSEC] ipsec vs. tls/srtp ?
>
> Jin,
>
>> The recent list discussion about voip & vpns brings up another
>> question: How do the list members feel about using tls & srtp as a
>> secure alternative to running sip voip over ipsec vpns ? There
>> would seem to be some advantages to using tls & srtp but I would like
> some other opinions.
>
> Are you asking about the approach of separately encrypting the SIP call
> control
> using TLS and then encrypting the voice using SRTP? (Versus not
> encrypting both
> but just tunnelling all the unencrypted traffic over an encrypted VPN
> tunnel?)
>
> If so, yes, we see that as a secure alternative to VPN tunnelling. This
> is
> how we secure all of our (Mitel) sets.
>
> Regards,
> Dan
>
> --
> Dan York, CISSP
> Dir of IP Technology, Office of the CTO
> Mitel Corp. http://www.mitel.com
> dan_york at mitel.com +1-613-592-2122
> PGP key (F7E3C3B4) available for
> secure communication
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list