[VOIPSEC] This call is being recorded for Quality Assurance

[Brian Rosen]

These days I think you would use SRTP to encrypt it at the source, store it
encrypted, use RTSP to play it back.  The key management is not quite worked
out, but SDES is the way to go I think.

Brian

> -----Original Message-----
> From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On
> Behalf Of J. Oquendo
> Sent: Monday, August 17, 2009 2:07 PM
> To: Voipsec
> Subject: [VOIPSEC] This call is being recorded for Quality Assurance
> 
> 
> Hey all, what has anyone come across for the following scenario:
> 
> You work at Company X whose customer service department (or other
> department for that matter) plays an audio "This call is being
> recorded..." Company X indeed records and stores conversations (or
> samples or conversations) for later playback.
> 
> 1) Conference between client and Company X has to be encrypted (locally
> TLS works fine)
> 2) Audio recorded has to be encrypted and retrievable
> 3) Message format has to be small so as not to chew through space.
> 
> Make sense?
> 
> In premise #1, TLS would work fine but it wouldn't stop a local tap on
> the client's side (not much a company can do about this).
> 
> In premise #2, I've seen nothing functional that says something to the
> tune of `gpg conversation.wav conversation.wav.gpg`
> 
> In premise $3, I'm thinking MP3 is probably the best bet for
> space/sizes.
> 
> --
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP
> 
> "It takes 20 years to build a reputation and five minutes to
> ruin it. If you think about that, you'll do things
> differently." - Warren Buffett
> 
> 227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
> 
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org