On 10/29/2015 04:01 PM, Motty wrote:
On 10/29/2015 01:11 PM, Jeff LaCoursiere wrote:
On 10/28/2015 06:37 PM, Pete Mundy wrote:
Hi Motty,
Isn't the whole point of the nonce in a SIP registration to ensure
the secret doesn't go on the wire in plain-text? Is this not enough,
or are you looking to hide the username too?
(if so, fair 'nuf, just wondering why :)
Pete
Ps, if so then I think TLS is the missing part of your equation.
On 29/10/2015, at 11:54 AM, Motty <[email protected]> wrote:
Hello,
I am searching for a solution to encrypt authentication from
Asterisk server to clients. Searching srtp seem to encrypt traffic,
I just want client authentication with encryption. Can someone
point to the right direction? has anybody used ZRTP? experience
with ZRTP?
Thanks,
_motty
You want SIP over TLS. That encrypts the signalling. SRTP and ZRTP
encrypt the actual voice traffic.
Cheers,
j
Thanks Jeff,
I don't want SIP over TLS. I would like to encrypt password only, I
suppose over TLS.
Thanks,
_motty
The password isn't sent - SIP auth involves a challenge/response with
hashing (digest authentication). If that's all you are interested in,
you are already there.
Cheers,
j
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
