[VOIPSEC] Is it feasible that we just protect part(master key) of SDP to pass some Middle boxes (firewalls, SBCs and other ALGs) ?
Randell Jesup
rjesup at wgate.com
Fri Jan 13 16:46:44 CST 2006
Mark Baugher <mbaugher at cisco.com> writes:
>It's possible to use multipart/signed and have the entire SDP message
>signed and the keys in the message encrypted. I always favored that
>approach. There are other concerns, however, and the current
>approach in SIP AFAICT is to use multipart/alternative so that a
>legacy endpoint that does not understand SRTP can still process an
>incoming call, see http://tools.ietf.org/wg/sipping/draft-jennings-
>sipping-multipart-01.txt
And because intermediate proxies may (have to) modify the
SDP because they're SBCs (or they're gateways from one network to another,
like an IPv4<->IPv6 gateway, etc).
--
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com
More information about the Voipsec
mailing list