[VOIPSEC] mid-span decrypt
jdonovan at covergence.com
Wed May 10 12:54:37 BST 2006

Hi Bill -

The media (voip, video, IM chat, etc.) recording functions of the
Covergence appliance are typically only activated based on demand (using
policy or dial prefix). For example, if the network operator received a
court order to target a particular individual, a policy could be
activated that would target only that individual. The policy
mechanism is also granular enough to only record calls that (for
example) are between a U.S. subscriber and PSTN or VOIP subscriber
outside of the U.S.

You are correct in your assumption that the appliance must be part of
the call setup for this feature to be used. Given that the product is
typically used to provide SIP firewall, encryption, and other session
control features at the edge of carrier and enterprise networks, the
appliance is already in the call setup path for other purposes besides
call recording. For example, a typical application of the product
would be to provide TLS and SRTP encryption over the untrusted public
network and then remove this encryption once the call enters the trusted
private network. If you would like more info, please drop me a note.

jdonovan at covergence.com

Date: Tue, 09 May 2006 17:32:12 -0400
From: Bill Flanagan <flanagan at flanagan-consulting.com>
Subject: [VOIPSEC] mid-span decrypt
To: Voipsec at voipsa.org
Message-ID: <44610A5C.4010305 at flanagan-consulting.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Is your appliance intended to carry every conversation of an ISP? or
just when presented with a court order?
Am I correct in inferring that the appliance must be part of the call
setup to capture the key(s) by acting as man in the middle?
>Date: Mon, 8 May 2006 06:23:21 -0400
>From: "Jim Donovan" <jdonovan at covergence.com>
>Subject: Re: [VOIPSEC] CALEA Enforcement
>To: <Voipsec at voipsa.org>
> <0D1719326D64BD4E9F92A0C120237678CEF104 at eserv.covergence.com>
>Content-Type: text/plain; charset="us-ascii"
>Hi Sachin -
>The CALEA requirements you mention in your note are one of the reasons
>why Covergence has developed mid-stream encryption / decryption
>capabilities as well as extensive call recording capabilities. The
>mid-stream encryption / decryption capabilities allow you to run SIP
>TLS and/or SRTP in your network and our appliance will remove the
>encryption, capture the bidirectional RTP packets, and if necessary,
>re-encrypt for transmission to the next hop in the network. Our
>appliance has dedicated hardware to ensure that the integrity of the
>media is not impaired as a result of this process. The captured RTP
>streams are then coupled with an accounting record. This information
>can be stored on our appliance or swept out to a third-party database.
>The stored media recording and associated call record allows the
>captured media to be accessed by law enforcement personnel or network
>technicians for the purpose of troubleshooting call quality. Whether
>or not an individual call is recorded is done based on a finely
>granular policy that allows the network operator and law enforcement
>to determine who, what, and when to record.
>jdonovan at covergence.com