Olle E Johansson wrote:

On 23 Apr 2007, at 19:55, Russell Bryant wrote:

John Todd wrote:
To morph this into a -dev thread: if this patch were to become (again) useful and error-free, is there any objection or usefulness in adding it to TRUNK? Personally, I think there is, if there is a method by which SRTP can be activated or de-activated from within the dialplan based on prior shared secrets. However, I have heard others disagree and object that without signalling-based secure key exchange, SRTP is not worth the effort. Opinions?

I agree with you. I think that is a reasonable approach. I can't speak for the quality of the patch itself as I have not reviewed it. But, if it works, I would guess that it would not be too bad to get it into trunk.

Kevin and I earlier decided that we wanted to delay this until we had a complete security solution, with signalling-based secure key exchange ;-)

/O

I have uploaded a new patch. This patch, and also the previous one, supports MIKEY as well as sdescriptions.

The MIKEY key management scheme uses transport encryption for transporting the keys securely over unsecured transports such as unencrypted SDP.

There are several MIKEY flavors: pre-shared, DH-SIGN, RSA, RSA-R and DH-HMAC. The patch currently uses DH-HMAC for outgoing connections, using the secret from sip.conf as the shared secret.

Mikael
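
An added illustration (not code from the patch or from Asterisk) of the DH-HMAC idea mentioned in the message above: each Diffie-Hellman public value travels in the clear, but carries an HMAC keyed with the pre-shared secret, so a value from a peer without the secret, or one modified in transit, is rejected. The message layout, function names, SHA-256 key derivation and the toy group are assumptions made for the sketch; this is not the MIKEY wire format.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (constructed): 2**127 - 1 is prime but far
# too small for real use; real deployments use standardized large groups.
P = 2**127 - 1
G = 3


def make_offer(shared_secret: bytes, sender_id: bytes):
    """Create a DH key pair and a message whose fields are HMAC-protected."""
    priv = secrets.randbelow(P - 3) + 2
    pub = pow(G, priv, P)
    body = sender_id + b"|" + pub.to_bytes(16, "big")
    tag = hmac.new(shared_secret, body, hashlib.sha256).digest()
    return priv, body + tag


def accept_offer(shared_secret: bytes, message: bytes, my_priv: int) -> bytes:
    """Verify the HMAC first, then derive key material (assumed KDF: SHA-256)."""
    body, tag = message[:-32], message[-32:]
    expected = hmac.new(shared_secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC check failed: DH value not from a secret holder")
    peer_pub = int.from_bytes(body[-16:], "big")
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("DH public value out of range")
    dh = pow(peer_pub, my_priv, P)
    return hashlib.sha256(dh.to_bytes(16, "big")).digest()


def exchange(secret_a: bytes, secret_b: bytes, tamper: bool = False) -> bool:
    """Run both directions; return True only if both peers derive the same key."""
    a_priv, a_msg = make_offer(secret_a, b"alice")
    b_priv, b_msg = make_offer(secret_b, b"bob")
    if tamper:  # constructed in-transit modification of the DH public value
        forged = bytearray(a_msg)
        forged[10] ^= 0x01
        a_msg = bytes(forged)
    try:
        key_b = accept_offer(secret_b, a_msg, b_priv)
        key_a = accept_offer(secret_a, b_msg, a_priv)
    except ValueError:
        return False
    return hmac.compare_digest(key_a, key_b)
```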
