If everything is tunnelled inside SSH, its ultimate transport is TCP, which is bad for data types like voice where reliability is less important than low delay. The right thing to do is to build decent security into the RTP layer (the standard transport for voice applications, RFC1889): the SRTP draft (http://www.ietf.org/internet-drafts/draft-ietf-avt-srtp-02.txt) goes in this direction. Authentication and key exchange are supposed to be handled in the session initiation phase (e.g., through SIP or H.323).
Alternatively, one could rely on IPSEC, but its support on the target machine cannot (yet?) be taken for granted; the RTP stack, on the opposite, is usually built into the application rather than the kernel.

Enzo

----- Original Message -----
From: "Eugene Leitl" <[EMAIL PROTECTED]>
To: "Cryptography List" <[EMAIL PROTECTED]>
Sent: Monday, 28 January, 2002 4:51 AM
Subject: Re: [linux-elitists] Re: Looking back ten years: Another Cypherpunks failure (fwd)

>
> anybody used that combo?
>
> ---------- Forwarded message ----------
> Date: Sun, 27 Jan 2002 12:45:21 -0800
> From: Don Marti <[EMAIL PROTECTED]>
> To: Linux Elitists List <[EMAIL PROTECTED]>
> Subject: Re: [linux-elitists] Re: Looking back ten years: Another
> Cypherpunks failure (fwd)
>
> begin Eugene Leitl quotation of Sun, Jan 27, 2002 at 09:22:57PM +0100:
>
> > Why is there no secure telephony package coming with debian?
>
> How about gnome-o-phone over rtptunnel over ssh? I know gphone is
> packaged; don't know if rtptunnel is.
>
> If that's acceptably fast it reduces the key management problem
> to the previously solved (kind of) problem of ssh key management.
> If you want someone to be able to call you, just add his or her
> key to a special authorized_keys for a dial-in account.
>
> http://gphone.sourceforge.net/
>
> --
> Don Marti
> http://zgp.org/~dmarti Join the Distributed Unisys Google Experiment.
> [EMAIL PROTECTED] <a href="http://burnallgifs.org/">Unisys</a>
> KG6INA everywhere.
> _______________________________________________
> linux-elitists
> http://zgp.org/mailman/listinfo/linux-elitists
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
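
Editorial example, added to this archive page and not written by any poster in the thread: a simplified model of the point made in the reply above, that tunnelling voice over an SSH/TCP stream trades delay for reliability. The frame interval, one-way delay, retransmission timeout and playout budget are assumed values, and the stream model retransmits each lost frame once after a fixed timeout (no fast retransmit).

```python
# Added illustration: simplified model of voice frames over an in-order
# reliable stream (TCP-like) versus plain datagrams (RTP over UDP).
# All constants are assumed values, not measurements.
FRAME_MS = 20            # one voice frame sent every 20 ms
ONE_WAY_MS = 40          # network delay for a frame that is not lost
RTO_MS = 200             # assumed retransmission timeout (no fast retransmit)
PLAYOUT_BUDGET_MS = 150  # a frame arriving later than this is useless


def datagram_delivery(n_frames, lost):
    """Lost frames never arrive; every other frame arrives independently."""
    return {i: i * FRAME_MS + ONE_WAY_MS
            for i in range(n_frames) if i not in lost}


def stream_delivery(n_frames, lost):
    """Lost frames are retransmitted once; the receiver releases data in order,
    so frames queued behind a hole wait for the retransmission."""
    release, prev = {}, 0
    for i in range(n_frames):
        arrive = i * FRAME_MS + ONE_WAY_MS + (RTO_MS if i in lost else 0)
        prev = max(prev, arrive)  # cannot be handed to the app before frame i-1
        release[i] = prev
    return release


def unusable(delivery, n_frames):
    """Count frames that are missing or miss the playout deadline."""
    return sum(1 for i in range(n_frames)
               if i not in delivery
               or delivery[i] - i * FRAME_MS > PLAYOUT_BUDGET_MS)


if __name__ == "__main__":
    n, lost = 20, {5}  # constructed scenario: a single lost frame
    for name, model in (("datagram", datagram_delivery),
                        ("stream", stream_delivery)):
        d = model(n, lost)
        print(f"{name:8s} unusable frames: {unusable(d, n)}")
```

With one lost frame, the datagram path loses only that frame, while the in-order stream delivers every frame but makes five of them miss the playout deadline.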