[Freeswitch-users] MIKEY-PK support

Brian West brian at freeswitch.org
Fri Nov 6 15:28:50 MSK 2015


Use zrtp pass through mode!

On Friday, November 6, 2015, Sergey Safarov <s.safarov at gmail.com> wrote:

> Using SDES, "keys are transported in the SDP attachment of a SIP message
> <https://en.wikipedia.org/wiki/SDES>". These keys are accessible to the
> FreeSwitch process.
> I want to reach the case where keys are negotiated by the endpoints and are
> not accessible to the FreeSwitch process.
> As a second goal, I want to use a certificate issued by a trusted CA to
> identify the participant on the other leg and all participants in a
> conference. It will be like site identification in a browser. If the
> encryption icon is green, then the user knows it is trusted and knows who is
> on the other leg.
>
> When SDES is used, the channel is protected from leg-A to FS and from FS to
> leg-B. But FS is the weakest link. Keys can be intercepted, media can be
> decrypted, and the user will not know that the channel is not secured.
>
> According to RFC 5197 <https://tools.ietf.org/html/rfc5197#section-5.5>,
> modes RSA (3.2), DH-SIGN (3.3), and RSA-R (3.7) look appropriate. An
> additional feature is support for conference calls.
> After reading "6. Transport of MIKEY Messages
> <https://tools.ietf.org/html/rfc5197#section-6>", I think MIKEY support on
> the FreeSwitch side is optional. Endpoints can negotiate keys directly via
> port 2269.
> But the same section says "The transport of MIKEY messages as part of SDP
> is described in [RFC4567 <https://tools.ietf.org/html/rfc4567>]", and
> FreeSwitch can help to transport messages when NAT is used.
>
> Sergey
>
> On Fri, Nov 6, 2015 at 12:14 PM, Brian West <brian at freeswitch.org> wrote:
>
>> I think you mean RFC4568. What does MIKEY give you that SDES does not?
>>
>> On Fri, Nov 6, 2015 at 1:57 AM, Sergey Safarov <s.safarov at gmail.com> wrote:
>>
>>> Does this mean that libsrtp cannot be used?
>>>
>>> Also, does FS support RFC4567 <https://tools.ietf.org/html/rfc4567>?
>>>
>>> On Fri, Nov 6, 2015 at 10:48 AM, Ken Rice <krice at freeswitch.org> wrote:
>>>
>>>> Brian’s message there still rings true at this time.
>>>>
>>>>
>>>>
>>>> *From:* freeswitch-users-bounces at lists.freeswitch.org
>>>> [mailto:freeswitch-users-bounces at lists.freeswitch.org]
>>>> *On Behalf Of* Sergey Safarov
>>>> *Sent:* Friday, November 6, 2015 1:42 AM
>>>> *To:* FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
>>>> *Subject:* [Freeswitch-users] MIKEY-PK support
>>>>
>>>>
>>>>
>>>> Hi
>>>>
>>>> According to this message
>>>> <http://lists.freeswitch.org/pipermail/freeswitch-users/2008-January/029822.html>,
>>>> supporting MIKEY key exchange requires a library with a compatible
>>>> licence.
>>>>
>>>> I cannot find MIKEY support in the source code now.
>>>>
>>>> Is it possible to use libsrtp
>>>> <http://srtp.sourceforge.net/license.html> to implement MIKEY key
>>>> exchange?
>>>>
>>>>
>>>>
>>>> Sergey
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>
>>
>>
>>
>> --
>>
>> *Brian West*
>> brian at freeswitch.org
>>
>>
>> *Twitter: @FreeSWITCH , @briankwest*
>> http://www.freeswitchbook.com
>> http://www.freeswitchcookbook.com
>>
>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>
>> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>
>
>

-- 

*Brian West*
brian at freeswitch.org


*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
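
The keying options discussed in this thread, as an added example (not part of any poster's message and not FreeSWITCH code): a small audit that reads an SDP body and reports, per media section, whether the SRTP master key itself sits in the signaling where a SIP intermediary can read it. The sample SDP, its addresses, the key bytes, the MIKEY payload and the ZRTP hash are all constructed, and the field names in the result are assumptions of this example.

```python
import base64
import re

# Constructed 30-byte value standing in for an SRTP master key + salt.
SAMPLE_KEY = base64.b64encode(bytes(range(30))).decode()

# Constructed SDP offer with one media section per keying method.
SAMPLE_SDP = f"""v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{SAMPLE_KEY}|2^20
m=audio 49172 RTP/SAVP 0
a=key-mgmt:mikey PLACEHOLDERbase64MIKEYmessage
m=audio 49174 RTP/AVP 0
a=zrtp-hash:1.10 {"ab" * 32}
"""

# RFC 4568 crypto attribute: tag, suite, then "inline:" followed by the base64 key.
CRYPTO_RE = re.compile(r"a=crypto:\d+ (?P<suite>\S+) inline:(?P<key>[A-Za-z0-9+/=]+)")


def audit_keying(sdp):
    """Return one finding per m= section describing how SRTP keys are set up."""
    findings, current = [], None
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("m="):
            current = {"media": line[2:], "mechanism": "none",
                       "cleartext_key_in_sdp": False}
            findings.append(current)
        elif current is None:
            continue  # session-level lines are ignored in this simplified audit
        elif m := CRYPTO_RE.match(line):
            # SDES: the master key and salt travel in the SDP body itself, so
            # every element that handles the SIP message can read them.
            key = base64.b64decode(m.group("key"))
            current.update(mechanism="SDES", suite=m.group("suite"),
                           key_bytes=len(key), cleartext_key_in_sdp=True)
        elif line.startswith("a=key-mgmt:mikey "):
            # RFC 4567: SDP carries a MIKEY message; how the key inside it is
            # protected depends on the MIKEY mode, which is not parsed here.
            current.update(mechanism="MIKEY")
        elif line.startswith("a=zrtp-hash:"):
            # ZRTP: keys are agreed in the media path; SDP holds only a hash.
            current.update(mechanism="ZRTP")
    return findings


if __name__ == "__main__":
    for finding in audit_keying(SAMPLE_SDP):
        print(finding["media"], finding["mechanism"], finding["cleartext_key_in_sdp"])
```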