[Freeswitch-users] MIKEY-Support

Alois Komenda alois.komenda at esk.fraunhofer.de
Mon Jan 28 01:52:39 PST 2008


MIKEY in very few words:

Multimedia Internet KEYing (MIKEY) is a secure key exchange protocol. It is
not SIP-specific but independent from the signalling protocol.
In the specifying RFC 3830 there are three methods mentioned how the session
key can be transmitted securely:

- Pre-shared key (mandatory)
- Public key (mandatory)
- Diffie-Hellman (optional)

Every one of these methods has its downside. (For PSK you need a separate
channel to transmit the key; with public keys you need a PKI; DH is
computationally intensive and is not mandatory to implement.)
But you don't need secure signalling for the key exchange with MIKEY.

There are extensions for more key exchange methods:
- DH HMAC (RFC 4650): Combination of Diffie-Hellman and HMAC; needs a
pre-shared key
- MIKEY RSA-R (RFC 4738): [Haven't evaluated this one yet]


I don't know any device using MIKEY. But that does not necessarily mean
anything because I have not been looking at many devices.

--
Alois Komenda
Fraunhofer-Einrichtung für Systeme der Kommunikationstechnik ESK




-----Original Message-----
From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Brian
West
Sent: Friday, 25 January 2008 18:18
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] MIKEY-Support

Alois,
	Can you break down what mikey is, what it does exactly and what
devices if any support it?  Seems MIKEY came out in 2004 and SDES came out
in 2006 and more devices do SDES.

/b

On Jan 25, 2008, at 4:20 AM, Alois Komenda wrote:

> How can you ever be sure TLS is really used end-to-end?
> Even if TLS is used "end-to-end" i.e. on every hop, every involved 
> proxy can read your keys.
>
> So if you can trust all proxies that route your messages, SDES is 
> secure.
>
> --
> Alois Komenda
> Fraunhofer-Einrichtung für Systeme der Kommunikationstechnik ESK
>
>
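
An added example, not part of the original post or of FreeSWITCH: a small Python audit helper that reports how an SDP body carries SRTP keys. SDES `a=crypto` lines (RFC 4568) put the key base64-encoded in the signalling, while MIKEY `a=key-mgmt:mikey` lines (RFC 4567) carry a MIKEY message whose RFC 3830 header names the exchange method. The function name `classify_keying` and the sample SDP are constructed for illustration.

```python
import base64

# "Data type" byte of the MIKEY common header (RFC 3830, section 6.1).
# Values above 6 come from later extensions and are reported generically.
MIKEY_DATA_TYPES = {0: "pre-shared key", 1: "pre-shared key verification",
                    2: "public key", 3: "public key verification",
                    4: "Diffie-Hellman init", 5: "Diffie-Hellman response",
                    6: "error"}

def classify_keying(sdp):
    """Return one finding (dict) per SRTP keying attribute in an SDP body."""
    findings = []
    for line in (raw.strip() for raw in sdp.splitlines()):
        try:
            if line.startswith("a=crypto:"):
                # SDES, RFC 4568: a=crypto:<tag> <suite> inline:<b64 key||salt>[|..]
                _tag, suite, params = line[len("a=crypto:"):].split(None, 2)
                if not params.startswith("inline:"):
                    raise ValueError("no inline key parameter")
                b64 = params.split()[0][len("inline:"):].split("|")[0]
                key = base64.b64decode(b64, validate=True)
                findings.append({"scheme": "SDES", "suite": suite,
                                 "key_bytes_in_sdp": len(key),
                                 "key_in_clear": True})
            elif line.startswith("a=key-mgmt:mikey "):
                # MIKEY, RFC 4567: a=key-mgmt:mikey <b64 MIKEY message>
                msg = base64.b64decode(line.split(None, 1)[1], validate=True)
                if len(msg) < 2 or msg[0] != 1:  # byte 0 = version, must be 1
                    raise ValueError("not a MIKEY version 1 message")
                method = MIKEY_DATA_TYPES.get(msg[1], "extension type %d" % msg[1])
                findings.append({"scheme": "MIKEY", "method": method})
        except ValueError as exc:  # also covers binascii.Error (bad base64)
            findings.append({"scheme": "unparsed", "line": line,
                             "error": str(exc)})
    return findings

# Constructed sample offer; the key bytes and the MIKEY header are made up.
_SDES_KEY = base64.b64encode(bytes(range(30))).decode()  # 16 B key + 14 B salt
_MIKEY_HDR = base64.b64encode(bytes([1, 0, 5, 0, 0xDE, 0xAD, 0xBE, 0xEF, 1, 0])).decode()
SAMPLE_SDP = "\r\n".join([
    "v=0", "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:%s|2^20" % _SDES_KEY,
    "a=key-mgmt:mikey %s" % _MIKEY_HDR,
])

if __name__ == "__main__":
    for finding in classify_keying(SAMPLE_SDP):
        print(finding)
```
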

