On the Granstream 102 box that I have in front of me, there is a "feature list" on the side. One of the features has grabbed my attention: " - optional voice encryption (model 102D)" Now, digging through Grandstream's site, I see that it's not offered quite yet. However, sending mail to their standard "information" email address has resulted in no replies on any details. Encryption is a topic that is near and dear to me, and I'm very interested in whatever anyone else knows about this vendor's implementation, and any possible toolkits or specs that might be relevant to efforts towards getting Asterisk to work with it once introduced. SIP message and RTP payload encryption would be really, really useful for some of my clients who are at the end of cable modems and/or international links. Currently, the fact that SIP and RTP are unencrypted is just a "fact of life", but almost everyone has asked about how to change that. A great answer would be "IAX2 runs on that phone", but I am not hopeful for any such answer in the near term with only a few exceptions, so I will show interest in SIP encryption until such time as IAX2 is ubiquitous. JT
John Todd wrote:> > On the Granstream 102 box that I have in front of me, there is a > "feature list" on the side. One of the features has grabbed my attention: > > " - optional voice encryption (model 102D)" > > Now, digging through Grandstream's site, I see that it's not offered > quite yet. However, sending mail to their standard "information" email > address has resulted in no replies on any details. Encryption is a > topic that is near and dear to me, and I'm very interested in whatever > anyone else knows about this vendor's implementation, and any possible > toolkits or specs that might be relevant to efforts towards getting > Asterisk to work with it once introduced. SIP message and RTP payload > encryption would be really, really useful for some of my clients who are > at the end of cable modems and/or international links. Currently, the > fact that SIP and RTP are unencrypted is just a "fact of life", but > almost everyone has asked about how to change that. A great answer > would be "IAX2 runs on that phone", but I am not hopeful for any such > answer in the near term with only a few exceptions, so I will show > interest in SIP encryption until such time as IAX2 is ubiquitous.IAX2 appears to permit the use of RSA encryption only for the authentication stage - all other traffic is unencrypted, including any voice streams. AFAIK, IPSEC appears to be the only way to interoperably handle this appropriately at the moment (latency be damned). -- - Ian C. Blenke <icblenke@nks.net> (This message bound by the following: http://www.nks.net/email_disclaimer.html)
I have been following this thread ad decided to add my thoughts.. :) While the thought of encryption always seems like a nice idea the reality is usually far from satisfactory.. The increased processing power requirements, far larger latency and encryption standardisation and interoperability will all prove to be major headaches.. As far as I see it if you have ever talked about confidential stuff on a cordless phone or a cell phone you should have no problem using a SIP phone over the LAN or even the internet.. Even a landline phone is easy to tap if you really wanted to.. If the nature of the information is such that it requires a secure transport method then you probably shouldn't be talking about it over the phone anyway.. irrispective of the phone technology being used.. later.. -- ______________________________________________ http://www.linuxmail.org/ Now with e-mail forwarding for only US$5.95/yr Powered by Outblaze