Thanks Jeff, just to confirm, passwords are not sent in plain text? I want to safeguard against man-in-the-middle attacks, sniffing traffic of clients.

Thanks,
_motty

On 10/30/2015 07:37 AM, Jeff LaCoursiere wrote:
On 10/29/2015 04:01 PM, Motty wrote:


On 10/29/2015 01:11 PM, Jeff LaCoursiere wrote:
On 10/28/2015 06:37 PM, Pete Mundy wrote:
Hi Motty,

Isn't the whole point of the nonce in a SIP registration to ensure the secret doesn't go on the wire in plain-text? Is this not enough, or are you looking to hide the username too?

(if so, fair 'nuf, just wondering why :)

Pete

Ps, if so then I think TLS is the missing part of your equation.

On 29/10/2015, at 11:54 AM, Motty <[email protected]> wrote:

Hello,
I am searching for a solution to encrypt authentication from Asterisk server to clients. Searching, SRTP seems to encrypt traffic; I just want client authentication with encryption. Can someone point me in the right direction? Has anybody used ZRTP? Experience with ZRTP?

Thanks,
_motty



You want SIP over TLS. That encrypts the signalling. SRTP and ZRTP encrypt the actual voice traffic.

Cheers,

j




Thanks Jeff,
I don't want SIP over TLS. I would like to encrypt password only, I suppose over TLS.

Thanks,
_motty

The password isn't sent - SIP auth involves a challenge/response with hashing (digest authentication). If that's all you are interested in, you are already there.

Cheers,

j
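
The challenge/response described in this thread, as an added example that is not part of any poster's message or of Asterisk's code: a sketch of the RFC 2617 MD5 digest computation that SIP registration uses, with both the server and client side. Function names, the extension number, the realm, the URI and the password are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 digest response; the password only ever enters HA1."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:  # qop=auth also binds a client nonce and a request counter
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def server_challenge(realm):
    """401 challenge: a fresh random nonce per registration attempt."""
    return {"realm": realm, "nonce": secrets.token_hex(16)}

def client_authorization(user, password, method, uri, challenge):
    """Fields the client puts in its Authorization header (no password)."""
    return {
        "username": user,
        "realm": challenge["realm"],
        "nonce": challenge["nonce"],
        "uri": uri,
        "response": digest_response(user, challenge["realm"], password,
                                    method, uri, challenge["nonce"]),
    }

def server_verify(auth, method, stored_password, issued_nonce):
    """Recompute the digest from the stored secret and compare."""
    if auth["nonce"] != issued_nonce:  # answer to a different challenge
        return False
    expected = digest_response(auth["username"], auth["realm"], stored_password,
                               method, auth["uri"], auth["nonce"])
    return hmac.compare_digest(expected, auth["response"])

def render_header(auth):
    return "Authorization: Digest " + ", ".join(f'{k}="{v}"' for k, v in auth.items())

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    ch = server_challenge("asterisk")
    auth = client_authorization("6001", "s3cret-example", "REGISTER", "sip:pbx.example.com", ch)
    print(render_header(auth))
    print("verified:", server_verify(auth, "REGISTER", "s3cret-example", ch["nonce"]))
```

The rendered header carries the username, realm, nonce, URI and the hash, but never the password itself. Those visible fields are what SIP over TLS, suggested earlier in the thread, additionally hides.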




asterisk-users mailing list