On 11/6/07, Mikael Magnusson <[EMAIL PROTECTED]> wrote: > Mohammad Halawah wrote: > > Hello everyone, > > > ... > > I know that Asterisk has a patch to enable SRTP with Sdecriptions as > > mentioned in http://bugs.digium.com/view.php?id=5413 > > > > I know also that there is a working patch for TLS as Russel mentioned > > (9th July 2007) in > > http://lists.digium.com/pipermail/asterisk-dev/2007-July/028454.html > > which is made for revision 88524 as can be seen in > > http://svn.digium.com/svn/asterisk/team/bbryant/sip-tcptls. > > > > Additionally, in this link http://bugs.digium.com/view.php?id=4903 , I > > found two patches dated after 9th July. > > > > I think that I can use asterisk on this link > > http://svn.digium.com/svn/asterisk/team/bbryant/sip-tcptls/ and patch > > it with the SRTP patch "ast_srtp_r81432_mikey_r3412.patch" located > > here http://bugs.digium.com/view.php?id=5413 . Does that make sense? > > > > I would appreciate someone help me finding the right combination of > > trunk/revision/patch. Thanks in advance. > > > Hi Mikael,
> I haven't tried to apply the SRTP patch on the sip-tcptls branch, you > may need to deal with conflicts since both touch chan_sip. Actually I am expecting some troubles, but I wanted to start with the best available combination to avoid unnecessary work. > An alternative approach is to use a SIP proxy to translate between TLS > and UDP, for example openser or yxa. Of course you need to secure the > link between Asterisk and the proxy, maybe by running both on the same host. I am aware of this solution but (as you can tell) it introduces more complexity to the system. but thanks for the hint... > I would like to add that the SRTP patch besides sdescriptions also > supports MIKEY (Multimedia KEYing), which doesn't require a secure > transport such as TLS or S/MIME. The problem is that Snom phones doesn't support neither ZRTP nor MIKEY. Can you tell me which patch should I use with sip-tcp/tls trunk? I think if we can get Sdescriptions patch with TLS to work, then SRTP w/ Sdesc puzzle is solved. > Regards, > Mikael Best regards, Mohammad _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
