[Freeswitch-users] FS + encryption
Anthony Minessale
anthony.minessale at gmail.com
Thu May 7 09:46:07 PDT 2009
Hey David!
You should come by to this year's ClueCon!
We still have some speaking slots left.
On Thu, May 7, 2009 at 11:08 AM, David Sugar <dyfet at gnutelephony.org> wrote:
> SIP TLS will protect the SIP session information with static keys via a
> certificate, assuming of course the call is direct between two peers.
> It will do nothing for the actual voice channel.
>
> There is SRTP, which can be used to create a cryptographic context over
> RTP. However, the key question is how to exchange the keys. If they
> are exchanged in the SIP session, even TLS SIP, then there are
> certificates around, and it is possible to acquire a past rtp session
> that has been intercepted.
>
> ZRTP offers a solution for setting up SRTP cryptographic contexts using
> distributed and self generated keys (much like gnupg or ssh) that are
> exchanged between the peers over RTP itself, and validated through a
> fingerprint hash at both ends. It is of course essential to initially
> validate the keys in a secure network first, but once that is done, a
> man-in-the-middle in the key exchange process will then stick out like a
> sore thumb. Furthermore, since each call uses different per-session
> generated keys, there is no forward knowledge; breaking one call does
> not allow one to also decrypt all past calls.
>
> Paul wrote:
> > Yes, I've seen this http://wiki.freeswitch.org/wiki/SIP_TLS.
> > I was just curious if the only way to have true end to end secure
> communications with FS would have to be a SIP trunk from one FS system to
> another encrypted SIP system on the other with no POTS/PRI/BRI circuits used
> in transit. I'm assuming if there's any POTS/BRI/PRI/DSS circuits used in
> transit, anyone with a lineman's handset could still eavesdrop on any
> conversations. Is this not the case?
> >
> > Paul
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Freeswitch-users mailing list
> > Freeswitch-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
--
Anthony Minessale II
FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
AIM: anthm
MSN:anthony_minessale at hotmail.com <MSN%3Aanthony_minessale at hotmail.com>
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com<PAYPAL%3Aanthony.minessale at gmail.com>
IRC: irc.freenode.net #freeswitch
FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org <sip%3A888 at conference.freeswitch.org>
iax:guest at conference.freeswitch.org/888
googletalk:conf+888 at conference.freeswitch.org<googletalk%3Aconf%2B888 at conference.freeswitch.org>
pstn:213-799-1400
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20090507/ca149967/attachment-0002.html
More information about the FreeSWITCH-users
mailing list