Re: [asterisk-dev] pjsip asterisk 13.24: sips / srtp and Deutsche Telekom doesn't work because of missing mediasec parameters

Tue, 15 Jan 2019 14:04:03 -0800 

On 15.01.19 at 20:27 Joshua C. Colp wrote:
> 
> 
> On Tue, Jan 15, 2019, at 3:23 PM, Michael Maier wrote:
>> Hello!
>>
>> Deutsche Telekom introduced sips and srtp. I tested it and it works 
>> partly. Partly means: sips is working - but not srtp. srtp doesn't 
>> work, because of missing additional
>> headers in the REGISTER and INVITE packages (according an enhancement 
>> of RFC 3329).
>>
>>
>> Example:
>>
>> UAC                                            Registrar
>> |                                            |
>> |----(1) REGISTER------------------------------>|
>> |        Security-Client: sdes-srtp;mediasec    |
>> |        Proxy-Require: mediasec                |
>> |        Require: mediasec                   |
>> |                                               |
>> |<---(2) 401------------------------------------|
>> |        Security-Server: msrp-tls;mediasec     |
>> |        Security-Server: sdes-srtp;mediasec    |
>> |        Security-Server: dtls-srtp;mediasec    |
>> |                                               |
>> |----(3) REGISTER(with Authorization Header)--->|
>> |        Security-Client: sdes-srtp;mediasec    |
>> |        Proxy-Require: mediasec                |
>> |        Require: mediasec                      |
>> |        Security-Verify: msrp-tls;mediasec     |
>> |        Security-Verify: sdes-srtp;mediasec    |
>> |        Security-Verify: dtls-srtp;mediasec    |
>> |                                                    |
>> |<---(4) 200 OK---------------------------------|
>> |                                               |
>> |                                               |
>> |----(5) INVITE-------------------------------->|
>> |        Security-Verify: msrp-tls;mediasec     |
>> |        Security-Verify: sdes-srtp;mediasec    |
>> |        Security-Verify: dtls-srtp;mediasec    |
>> |        a=3ge2ae:requested                     |
>> |        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:EpcgtOdT5qd...
>> |                                               |
>> |<---(8) 200 OK---------------------------------|
>> |        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:lnfakjh2sd1..
>>
>>
>>
>> You can find a complete description here (english language):
>> https://www.telekom.de/hilfe/downloads/1tr114.pdf
>> The example can be found on page 115.
>>
>> They need those mediasec parameters because of there compatibility with 
>> the 3GPP standards
>> (http://www.qtc.jp/3GPP/Specs/33328-920.pdf) which would require an 
>> additional signaling of the media plane security.
>>
>>
>> Is this already implemented or did I miss something else?
> 
> This is not implemented and I know of noone working on such a thing.
> 

Would you please plan to implement it?
Deutsche Telekom is the biggest player in Germany having 19 millions fixed 
lines and 25 millions mobile customers.


Thanks,
Michael

-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev

Reply via email to