[VOIPSEC] RTP or SRTP inside UDP - how understand?

Hadriel Kaplan HKaplan at acmepacket.com
Mon Mar 27 15:39:38 CST 2006



> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Simon Horne
> Sent: Monday, March 27, 2006 3:32 PM
> To: Sergey Vointsev; voipsec at voipsa.org
> Subject: Re: [VOIPSEC] RTP or SRTP inside UDP - how understand?
> 
> You can tell (and it is not definitive) if the payload is encrypted by
> examining the payload length and seeing if it is not exactly the same as
> what would be expected for that particular codec. Usually the output
> length from the cipher (due to the cipher key length) does not match
> exactly the normal unencrypted payload size. It may only be a couple of
> bytes but it is detectable. 

I don't think so - at least not for the default AES cipher in the spec.
It's in counter mode.  

> However to the intermediary devices (proxies,
> gateways etc) it is handled exactly the same as if it was RTP so legacy
> devices should be able to handle it (except if transcoding of course).

Obviously to the proxy the media is transparent, but to a media gateway
secretly replacing Folger's crystals/RTP with SRTP would produce weird
noise.  (that would be a cool sound to capture and find out though)

> SRTP
> on the other hand may require intermediary devices to handle it and the
> packets carry a flag saying "I'm encrypted" which makes it much easier to
> detect.

On the other hand, not having an explicit flag helps you get "through"
intermediaries that inspect RTP. (i.e., not being detectable has advantages)

-hadriel
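
An added example, not part of the original thread or any poster's code: the payload-length heuristic discussed above, run over a constructed PCMU packet. It shows that a counter-mode stream cipher leaves the payload length unchanged, so only an appended authentication tag changes the size. Assumptions: 20 ms packetization, a 12-byte RTP header with no padding in the sample, a SHA-256 keystream standing in for AES counter mode, constructed keys and function names, and the 80-bit and 32-bit HMAC-SHA1 tag sizes from RFC 3711.

```python
import hashlib
import hmac
import struct

# Payload bytes per packet at 20 ms packetization for static payload types
# (RFC 3551): 0 = PCMU, 8 = PCMA, 18 = G.729.
EXPECTED = {0: 160, 8: 160, 18: 20}
TAG_LENGTHS = {10: "80-bit", 4: "32-bit"}  # SRTP HMAC-SHA1 tag sizes

def rtp_payload(pkt):
    """Return (payload_type, bytes after the RTP header), per RFC 3550."""
    if len(pkt) < 12 or pkt[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    offset = 12 + 4 * (pkt[0] & 0x0F)           # fixed header + CSRC list
    if pkt[0] & 0x10:                            # header extension present
        if len(pkt) < offset + 4:
            raise ValueError("truncated header extension")
        offset += 4 + 4 * struct.unpack("!H", pkt[offset + 2:offset + 4])[0]
    if len(pkt) < offset:
        raise ValueError("truncated packet")
    return pkt[1] & 0x7F, pkt[offset:]

def classify(pkt):
    """Length heuristic only: compare payload size with the codec's frame size."""
    pt, body = rtp_payload(pkt)
    if pt not in EXPECTED:
        return "unknown codec"
    surplus = len(body) - EXPECTED[pt]
    if surplus == 0:
        return "codec size: plain RTP or untagged SRTP"
    if surplus in TAG_LENGTHS:
        return "codec size + %s tag: likely SRTP" % TAG_LENGTHS[surplus]
    return "unexpected size"

def toy_protect(pkt, enc_key, auth_key, tag_len=10):
    """Stand-in for SRTP protect: SHA-256 keystream XOR (NOT AES-CM) + HMAC-SHA1 tag."""
    header, body = pkt[:12], pkt[12:]           # sample has a bare 12-byte header
    stream = b"".join(hashlib.sha256(enc_key + struct.pack("!I", i)).digest()
                      for i in range(len(body) // 32 + 1))
    cipher = bytes(a ^ b for a, b in zip(body, stream))   # same length as body
    roc = struct.pack("!I", 0)                             # rollover counter
    tag = hmac.new(auth_key, header + cipher + roc, hashlib.sha1).digest()[:tag_len]
    return header + cipher + tag

# Constructed sample: PCMU packet, seq 1, timestamp 160, SSRC 0x1234, 160 payload bytes.
RTP = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234) + bytes([0xFF]) * 160
SRTP = toy_protect(RTP, b"constructed-enc-key", b"constructed-auth-key")
SRTP_NO_TAG = toy_protect(RTP, b"constructed-enc-key", b"constructed-auth-key", 0)
```

With the tag disabled, the protected packet is indistinguishable from plain RTP by length alone, which is why the heuristic is not definitive.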




