One of my clients today asked me about TLS support for encryption of SIP payloads, and I didn't have an adequate answer as to why it wasn't supported or even discussed. Some archive searching finds scant mention of this in reference to Asterisk. Of course, encrypting the SIP payload is only 1/2 the problem; the payload itself is the next problem. I understand that IAX solves these issues, but it will be some time before IAX is a "standard" on equipment. Does anyone here use hardphones or softphones that support TLS? Is TLS stillborn? Speaking of payload encryption, has anyone ever peeked at the Vovida SRTP libraries? They're free (as in, BSD-licensed) and even in C (not C++) and found on http://www.vovida.org/protocols/downloads/srtp/index.html Asterisk is sometimes the chicken, sometimes the egg - maybe putting TLS and SRTP into Asterisk will cause some more vendors to start putting that support into their phones (though some already do!) JT
AFAIK TLS support (and a formal security architecture) was only introduced with the last version of the SIP protocol - which probably means that few people have yet got round to implementing it. Iain> > One of my clients today asked me about TLS support for encryption of > SIP payloads, and I didn't have an adequate answer as to why it > wasn't supported or even discussed. Some archive searching finds > scant mention of this in reference to Asterisk. Of course, > encrypting the SIP payload is only 1/2 the problem; the payload > itself is the next problem. I understand that IAX solves these > issues, but it will be some time before IAX is a "standard" on > equipment. Does anyone here use hardphones or softphones that > support TLS? Is TLS stillborn? > > Speaking of payload encryption, has anyone ever peeked at the Vovida > SRTP libraries? They're free (as in, BSD-licensed) and even in C > (not C++) and found on > http://www.vovida.org/protocols/downloads/srtp/index.html > > Asterisk is sometimes the chicken, sometimes the egg - maybe putting > TLS and SRTP into Asterisk will cause some more vendors to start > putting that support into their phones (though some already do!) > > > JT > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > >