[VOIPSEC] Is it feasible that we just protect part(master key) of SDP to pass some Middle boxes (firewalls, SBCs and other ALGs) ?
dennis
m8939605 at yahoo.com.tw
Tue Jan 10 08:50:19 CST 2006
Dear all,
Because some sip proxies need to modify the SDP/etc
(such as SBC's modifying IP and port values), which
can make S/MIME more fun to do.
Why not we use S/MIME to encrypt part(master key) of
SDP ?
like this:
INVITE sip:bob at biloxi.com SIP/2.0
Via: SIP/2.0/UDP
pc33.atlanta.com;branch=z9hG4bKnashds8
To: Bob <sip:bob at biloxi.com>
From: Alice <sip:alice at atlanta.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314159 INVITE
Max-Forwards: 70
Contact: <sip:alice at pc33.atlanta.com>
Content-Type: application/pkcs7-mime;
smime-type=enveloped-data;
name=smime.p7m
Content-Disposition: attachment; filename=smime.p7m
handling=required
v=0
o=sam 2890844526 2890842807 IN IP4 10.47.16.5
s=SRTP Discussion
i=A discussion of Secure RTP
u=http://www.example.com/seminars/srtp.pdf
e=marge at example.com (Marge Simpson)
c=IN IP4 168.2.17.12
t=2873397496 2873404696
m=audio 49170 RTP/SAVP 0
**********************************************************
*a=crypto:1 AES_CM_128_HMAC_SHA1_80 *
*inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4*
*FEC_ORDER=FEC_SRTP *
**********************************************************
--boundary42
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s;
handling=required
ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
7GhIGfHfYT64VQbnj756
--boundary42-
Best regards,
Dennis
___________________________________________________ 最新版 Yahoo!奇摩即時通訊 7.0,免費網路電話任你打! http://messenger.yahoo.com.tw/
More information about the Voipsec
mailing list