John Todd wrote:
This could be done today after only what I think would be a minor number of changes to the SRTP patch that exists in the bugtracker. It simply needs to be repaired a bit, reviewed more thoroughly, and included into TRUNK. If you've not tested the SRTP patches, I'm sure the trackers on that code would appreciate your input and help.
I've been trying to get the time to play with it...
The shared secrets already exist - the SIP secret can be used in the
I'm trying to avoid hard-coded/predefined shared secrets, and this is where something like X.509 keys/certs will come into it, so you don't need to know *anything* about the remote server prior to connecting to other servers.
For example, with SMTP a connection is made to a remote server, then the local server sends an EHLO message, and the remote server responds with a list of authentication and other methods, one of which is STARTTLS. If the local end sends STARTTLS, both servers start handshaking. The remote (and/or local) server sends its X.509 cert, one end generates a shared symmetrical key and encrypts it with the certificate that was sent, the other server then decrypts it, and then both servers communicate for the length of the session with the generated shared secret.
--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP

"In the long run the pessimist may be proved right, but the optimist has a better time on the trip."

_______________________________________________
Asterisk-Security mailing list
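The certificate-based server-to-server session Duane describes, as an added example that is not part of this thread and not Asterisk code: one Go program in which a "remote" server presents an X.509 certificate issued by a CA and a "local" client that holds nothing but the CA's certificate verifies it, completes a TLS handshake and exchanges a message. The CA, the host names pbx-b.example.org and other.example.org, the probe string and the use of loopback TCP are all constructed for the example. Go's TLS stack negotiates TLS 1.3 here, where the session key comes from an ephemeral key exchange authenticated by the certificate rather than a symmetric key encrypted to the certificate as in older RSA key transport; the trust decision is the same. The two negative cases at the end show what the client must reject: a certificate from a CA it does not trust, and a valid certificate for a different host name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// certFor generates a P-256 key pair and a certificate from tmpl. With
// parent == nil the certificate is self-signed (a CA); otherwise parent and
// parentKey sign it. All certificates here are constructed test data.
func certFor(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// newCA makes a throw-away CA. Both PBXs only need this CA's certificate;
// no secret has to be shared between them in advance.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return certFor(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example VoIP CA (constructed)"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true, IsCA: true,
	}, nil, nil)
}

// serverCert has the CA issue a server certificate bound to host.
func serverCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) (tls.Certificate, error) {
	leaf, key, err := certFor(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{leaf.Raw}, PrivateKey: key, Leaf: leaf}, nil
}

// exchange runs one TLS session over loopback TCP. The "remote" server holds
// cert; the "local" client trusts only roots and expects serverName. It returns
// the server's reply to a probe, or the client's verification error.
func exchange(cert tls.Certificate, roots *x509.CertPool, serverName string) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()

	go func() {
		raw, err := ln.Accept()
		if err != nil {
			return
		}
		defer raw.Close()
		raw.SetDeadline(time.Now().Add(5 * time.Second))
		srv := tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{cert}})
		if err := srv.Handshake(); err != nil {
			return // the client rejected our certificate
		}
		buf := make([]byte, 64)
		n, err := srv.Read(buf)
		if err != nil {
			return
		}
		srv.Write([]byte("200 OK for " + string(buf[:n])))
	}()

	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return "", err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	cli := tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: serverName, MinVersion: tls.VersionTLS12})
	if err := cli.Handshake(); err != nil {
		return "", err // untrusted issuer or host-name mismatch ends up here
	}
	if _, err := cli.Write([]byte("OPTIONS")); err != nil {
		return "", err
	}
	buf := make([]byte, 64)
	n, err := cli.Read(buf)
	if err != nil {
		return "", err
	}
	return string(buf[:n]), nil
}

func main() {
	ca, caKey, err := newCA()
	if err != nil {
		panic(err)
	}
	cert, err := serverCert(ca, caKey, "pbx-b.example.org")
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	reply, err := exchange(cert, trusted, "pbx-b.example.org")
	fmt.Println("trusted CA, right name:", reply, err)

	rogueCA, _, _ := newCA() // a second, unrelated CA
	rogue := x509.NewCertPool()
	rogue.AddCert(rogueCA)
	_, err = exchange(cert, rogue, "pbx-b.example.org")
	fmt.Println("untrusted CA:", err)
	_, err = exchange(cert, trusted, "other.example.org")
	fmt.Println("name mismatch:", err)
}
```

The client never sets InsecureSkipVerify and always sets ServerName, which is what makes the two rejections happen; a deployment that skipped either check would accept any certificate and be back to trusting whatever the network delivers.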
