[VOIPSEC] open voip crypto
Cesc Santasusana
cesc.santasusana at nl.thalesgroup.com
Mon Mar 13 06:49:24 CST 2006
Hi,
I think you are in the correct path ...
On the TLS side, you'll be safe ... openser, minisip, snom, ... they
work and are compatible (it takes more or less effort to set up, but you
will get there).
As for SRTP, we enter muddy terrain. Several phones have some kind of
SRTP support ... it is just that they do not agree on what key exchange
mechanism to use. Snom goes for SDES, Minisip uses MIKEY, and yet others
use propietary signalling. Somehow, you are kind of stuck when you want
end-to-end security to like-phones.
Regards,
Cesc
Unclassified
>>> "Joseph Burdick" <joseph.burdick at gmail.com> 03/13/06 12:06am >>>
What are the components of an open source, encrypted, voip (pref sip)
network if I were to assemble them today (no vaporware)? I'll muse a
bit
and you all can fill in the gaps and possibly correct my direction.
SIP proxy that supports TLS like openSER
Clients that support SRTP (like spa2000, snom 360, XtenPro) and TLS
(?)
minisip looks nice, but not complete
asterisk claims to have crypto possible in IAX, but I haven't heard of
anybody doing it
spa2000 with a cert (from voxilla) will do SRTP to a like endpoint (say
via
fwd or direct IP), but not TLS/SIP?
Throw out the VPN card, it's not always suitable to a roaming endpoint
Thanks,
Joseph
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list