[Freeswitch-users] FS + encryption
David Sugar
dyfet at gnutelephony.org
Thu May 7 11:21:37 PDT 2009
If I can find funding for travel presently I would.
Anthony Minessale wrote:
> Hey David!
>
> You should come by to this year's ClueCon!
> We still have some speaking slots left.
>
>
> On Thu, May 7, 2009 at 11:08 AM, David Sugar <dyfet at gnutelephony.org> wrote:
>
> SIP TLS will protect the SIP session information with static keys via a
> certificate, assuming of course the call is direct between two peers.
> It will do nothing for the actual voice channel.
>
> There is SRTP, which can be used to create a cryptographic context over
> RTP. However, the key question is how to exchange the keys. If they
> are exchanged in the SIP session, even TLS SIP, then there are
> certificates around, and it is possible to acquire a past RTP session
> that has been intercepted.
>
> ZRTP offers a solution for setting up SRTP cryptographic contexts using
> distributed and self-generated keys (much like gnupg or ssh) that are
> exchanged between the peers over RTP itself, and validated through a
> fingerprint hash at both ends. It is of course essential to initially
> validate the keys in a secure network first, but once that is done, a
> man-in-the-middle in the key exchange process will then stick out like a
> sore thumb. Furthermore, since each call uses different per-session
> generated keys, there is no forward knowledge; breaking one call does
> not allow one to also decrypt all past calls.
>
> Paul wrote:
> > Yes, I've seen this http://wiki.freeswitch.org/wiki/SIP_TLS.
> > I was just curious if the only way to have true end to end secure
> > communications with FS would have to be a SIP trunk from one FS
> > system to another encrypted SIP system on the other with no
> > POTS/PRI/BRI circuits used in transit. I'm assuming if there's any
> > POTS/BRI/PRI/DSS circuits used in transit, anyone with a lineman's
> > handset could still eavesdrop on any conversations. Is this not the
> > case?
> >
> > Paul
> >
> > _______________________________________________
> > Freeswitch-users mailing list
> > Freeswitch-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
> --
> Anthony Minessale II
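
Added example, not part of the original thread or of FreeSWITCH/ZRTP code: a simplified Python sketch of the idea described in the quoted message, where each call generates fresh keys, both ends derive a short string to compare, and a substituted key in transit makes the strings disagree. The toy group, the 32-bit string format and all function names are assumptions; ZRTP's hash commitment and retained secrets are omitted.

```python
import hashlib
import secrets

# Toy finite-field group (assumption for illustration): far too small for real
# use; ZRTP itself negotiates much larger DH or elliptic-curve groups.
P = 2**255 - 19
G = 2

def new_keypair():
    """Fresh per-call secret and public value, discarded when the call ends."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key_and_sas(my_priv, my_pub, peer_pub, initiator):
    """Derive the media key and a short string both users read aloud."""
    shared = pow(peer_pub, my_priv, P)
    # Order the public values identically at both ends.
    first, second = (my_pub, peer_pub) if initiator else (peer_pub, my_pub)
    material = b"".join(n.to_bytes(32, "big") for n in (first, second, shared))
    digest = hashlib.sha256(material).digest()
    sas = digest[:4].hex()  # hypothetical display format, 32 bits
    key = hashlib.sha256(b"srtp-master" + digest).digest()
    return key, sas

def call(mitm=False):
    """Simulate one call; returns (alice_key, alice_sas, bob_key, bob_sas)."""
    a_priv, a_pub = new_keypair()
    b_priv, b_pub = new_keypair()
    seen_by_alice, seen_by_bob = b_pub, a_pub
    if mitm:
        # An on-path party substitutes its own public value in each direction.
        _, m_pub = new_keypair()
        seen_by_alice = seen_by_bob = m_pub
    a_key, a_sas = session_key_and_sas(a_priv, a_pub, seen_by_alice, True)
    b_key, b_sas = session_key_and_sas(b_priv, b_pub, seen_by_bob, False)
    return a_key, a_sas, b_key, b_sas

if __name__ == "__main__":
    _, a_sas, _, b_sas = call()
    print("direct call, strings match:", a_sas == b_sas)
    _, a_sas, _, b_sas = call(mitm=True)
    print("substituted keys, strings match:", a_sas == b_sas)
```

Because the private values exist only for the duration of one call, the key from one run of call() says nothing about the key of any other run.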