Enzo Michelangeli wrote:
Thanks. But how is a common session key established in this case? If it is randomly generated and transmitted in cleartext in the SDP content, as it appears from http://bugs.digium.com/view.php?id=5413 (use of "a=crypto .... inline:....), then the method only makes sense with SIP-over-TLS.
Or use MIKEY (which is what sipura uses?) for key exchange... http://www.faqs.org/rfcs/rfc3830.html -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://e164.org - Because e164.arpa is a tax on VoIP "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Security mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-security
