marek cervenka
2007-May-01 13:56 UTC
[asterisk-users] Re: [asterisk-dev] SRTP implementation
> Olle E Johansson wrote:
>>
>> 23 Apr 2007 at 19.55, Russell Bryant wrote:
>>
>>> John Todd wrote:
>>>> To morph this into a -dev thread: if this patch were to become (again)
>>>> useful and error-free, is there any objection or usefulness in adding it
>>>> to TRUNK? Personally, I think there is, if there is a method by which
>>>> SRTP can be activated or de-activated from within the dialplan based on
>>>> prior shared secrets. However, I have heard others disagree and object
>>>> that without signalling-based secure key exchange, SRTP is not worth the
>>>> effort. Opinions?
>>>
>>> I agree with you. I think that is a reasonable approach. I can't speak
>>> for the quality of the patch itself as I have not reviewed it. But, if it
>>> works, I would guess that it would not be too bad to get it into trunk.
>>
>> Kevin and I earlier decided that we wanted to delay this until we had a
>> complete security solution, with signalling based secure key exchange ;-)
>>
>> /O
>
> I have uploaded a new patch. This patch and also the previous supports MIKEY
> as well as sdescriptions.
>
> The MIKEY key management scheme uses transport encryption for transporting
> the keys securely over unsecured transports such as unencrypted SDP.
>
> There are several MIKEY flavors: Pre shared, DH-SIGN, RSA, RSA-R and DH-HMAC.
> The patch currently uses DH-HMAC for outgoing connections, using secret from
> sip.conf as the shared secret.

http://www.voip-info.org/wiki/view/Asterisk+SRTP updated

test srtp server (asterisk SVN-trunk-r61760 + latest SRTP patch)
voice2.fpf.slu.cz

test sip accounts
700:700
701:701
702:702

extensions.conf

exten => 600,1,Set(_SIPSRTP=optional)
exten => 600,n,Set(_SIPSRTP_CRYPTO=enable)
exten => 600,n,Playback(demo-echotest)  ; Let them know what's going on
exten => 600,n,Echo                     ; Do the echo test
exten => 600,n,Playback(demo-echodone)  ; Let them know it's over
exten => 600,n,hangup

exten => 610,1,Set(_SIPSRTP=require)
exten => 610,n,Set(_SIPSRTP_MIKEY=enable)
exten => 610,n,Playback(demo-echotest)  ; Let them know what's going on
exten => 610,n,Echo                     ; Do the echo test
exten => 610,n,Playback(demo-echodone)  ; Let them know it's over
exten => 610,n,hangup

p.s. sorry for cross post

---------------------------------------
Marek Cervenka
Centrum Vypocetni Techniky
CVT - http://cvt.fpf.slu.cz
FPF SLU OPAVA - http://www.fpf.slu.cz
LCNA - http://lcna.slu.cz
=======================================
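
Added example, not part of the original post or of the SRTP patch: a small Python audit of a dialplan that uses the _SIPSRTP* variables shown above, reporting extensions where media encryption is not mandatory or where key secrecy depends on the signalling channel. It assumes that "optional" permits fallback to unencrypted RTP and that _SIPSRTP_CRYPTO selects sdescriptions; the function name audit_srtp and the sample dialplan (including extension 620) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: 600 and 610 mirror the post above, 620 is hypothetical.
SAMPLE_DIALPLAN = """\
exten => 600,1,Set(_SIPSRTP=optional)
exten => 600,n,Set(_SIPSRTP_CRYPTO=enable)
exten => 600,n,Echo ; Do the echo test
exten => 610,1,Set(_SIPSRTP=require)
exten => 610,n,Set(_SIPSRTP_MIKEY=enable)
exten => 610,n,Echo
exten => 620,1,Echo
"""

EXTEN_RE = re.compile(r"^\s*exten\s*=>\s*([^,]+),")
SET_RE = re.compile(r"Set\(_*(SIPSRTP\w*)=([^)]*)\)", re.I)

def audit_srtp(dialplan):
    """Return {extension: [findings]} based on the SIPSRTP* variables it sets."""
    settings = defaultdict(dict)
    for line in dialplan.splitlines():
        line = line.split(";", 1)[0]            # drop dialplan comments
        ext = EXTEN_RE.match(line)
        if not ext:
            continue
        cfg = settings[ext.group(1).strip()]    # registers extensions without Set()
        m = SET_RE.search(line)
        if m:
            cfg[m.group(1).upper()] = m.group(2).strip().lower()
    report = {}
    for exten, cfg in settings.items():
        findings = []
        policy = cfg.get("SIPSRTP")
        keying = [k for k in ("SIPSRTP_CRYPTO", "SIPSRTP_MIKEY") if cfg.get(k) == "enable"]
        if policy is None:
            findings.append("no SIPSRTP policy set")
        elif policy != "require":               # assumption: anything else allows plain RTP
            findings.append("SRTP is '%s': unencrypted RTP may be accepted" % policy)
        if policy and not keying:
            findings.append("SRTP policy set but no key exchange enabled")
        if "SIPSRTP_CRYPTO" in keying:          # assumption: CRYPTO means sdescriptions
            findings.append("sdescriptions: keys travel in SDP, signalling must be encrypted")
        report[exten] = findings
    return report

if __name__ == "__main__":
    for exten, findings in audit_srtp(SAMPLE_DIALPLAN).items():
        print(exten, findings or ["ok"])
```
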