[VOIPSEC] SRTP
Nathan Allen Stratton
nathan at robotics.net
Mon Mar 20 17:36:30 CST 2006
On Mon, 20 Mar 2006, Randell Jesup wrote:
> Nathan Allen Stratton <nathan at robotics.net> writes:
> >There is MIKEY, but it is a bit overkill for most CPE vendors to
> >implement. It looks like draft-ietf-mmusic-sdescriptions-12.txt is getting
> >the most traction. I know of at least 4 CPE and 2 SBC that support it, I
> >know there is at least one KIKEY CPE, but I don't know of any major SBC
> >vendor that has implemented it.
>
> The problem with sdescriptions is that it solves only one part of the
> problem - how to put a key in SDP. It doesn't provide the AKE to secure
> the key exchange. So sdescription support is NOT sufficient, and honestly
> while useful it's not the hard part. Then there's early media, forking,
> grouping of secure vs. insecure streams, etc.
That is why you use TLS, most SBCs can support tens of thousands of TLS
sessions now.
-Nathan
More information about the Voipsec
mailing list