TLS is only used for signaling, that is to start the call. Regardless of TLS or other plain text transport, the server always knows who and when you're calling, otherwise it cannot route the SIP packets to the destination. TLS is good against external parties that may tap into your network and this is it, but this is the last of your worries in today’s environment.
Media is where your audio/video goes. Media is not using TLS, it is separate from signaling. SDES is a mechanism used for exchanging the key used to encrypt the media path. The server has access to this key because it is present in the signaling. But when using ZRTP instead of SDES, the server does not, and nobody can decrypt the media unless it is able to hack one of the end-points. All these are documented standards, you can find how they work easily.

Adrian

> On 11 Jan 2017, at 21:48, Mike Nagie <promike1...@gmail.com> wrote:
>
> Thank you for your help!
>
> On 17-01-10 17:22:55, Adrian Georgescu wrote:
>>
>>> Could I establish an encrypted connection between GXP1625 and Blink?
>>
>> It depends what encryption your hard phone uses. Blink supports SDES (server
>> has access to the key) and ZRTP (end-to-end encryption and key exchange). I
>> doubt the hard-phones implement ZRTP, typically they use SDES which is
>> broken by design.
>>
>> Practically if you want encryption where no intermediaries can listen in,
>> you must use ZRTP.
>
> It says the device supports SRTP and TLS.
> SRTP almost looks like ZRTP, but I assume they are not compatible at
> all.
> I don't quite understand this. Why do I need a second encryption and a
> second lock icon in Blink if the whole connection is encrypted with TLS?!
> I imagine TLS as an encrypted tube and data are decrypted at the
> receiver. No one can eavesdrop.
> Don't get me wrong. I'm happy with the double locks. I feel safe.
>
>>
>>> (I would say yes, Sip is Sip, but I couldn't connect to the Ekiga server
>>> with Blink.
>>
>> It is easy to see why, just open the Logs window and you can see what is wrong.
>
>
> I think that's it:
>
> 2017-01-11 21:13:20.377948 [blink 18052]: DNS lookup NAPTR ekiga.net failed:
> DNS response contains no answer
> 2017-01-11 21:13:20.388680 [blink 18052]: DNS lookup TXT xcap.ekiga.net
> failed: DNS record does not exist
> 2017-01-11 21:13:20.400012 [blink 18052]: DNS lookup SRV _sips._tcp.ekiga.net
> failed: DNS record does not exist
> 2017-01-11 21:13:20.403648 [blink 18052]: DNS lookup SRV _sip._udp.ekiga.net
> succeeded, ttl=86400: 0 0 5060 ekiga.net.
> 2017-01-11 21:13:20.404331 [blink 18052]: DNS lookup A ekiga.net. succeeded,
> ttl=86176: 86.64.162.35
> 2017-01-11 21:13:20.413414 [blink 18052]: DNS lookup SRV _sips._tcp.ekiga.net
> failed: DNS record does not exist
> 2017-01-11 21:13:20.413796 [blink 18052]: DNS lookup SRV _sip._udp.ekiga.net
> succeeded, ttl=86400: 0 0 5060 ekiga.net.
> 2017-01-11 21:13:20.414049 [blink 18052]: DNS lookup A ekiga.net. succeeded,
> ttl=86176: 86.64.162.35
> 2017-01-11 21:13:20.439087 [blink 18052]: DNS lookup SRV _sip._tcp.ekiga.net
> failed: DNS record does not exist
> 2017-01-11 21:13:20.439459 [blink 18052]: DNS lookup SRV _sip._udp.ekiga.net
> succeeded, ttl=86400: 0 0 5060 ekiga.net.
> 2017-01-11 21:13:20.439710 [blink 18052]: DNS lookup A ekiga.net. succeeded,
> ttl=86176: 86.64.162.35
> 2017-01-11 21:13:20.452356 [blink 18052]: DNS lookup SRV _sip._tcp.ekiga.net
> failed: DNS record does not exist
> 2017-01-11 21:13:20.463967 [blink 18052]: SENDING: Packet 3, +0:01:17.216134
>
>>> Thanks a lot!
_______________________________________________
Blink mailing list
Blink@lists.ag-projects.com
http://lists.ag-projects.com/mailman/listinfo/blink
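
The difference between SDES and ZRTP described in the reply above can be checked directly in the SDP body a client sends. The following is an added example, not part of the original thread and not Blink's code. It assumes the 128-bit suite AES_CM_128_HMAC_SHA1_80; both SDP bodies, the key bytes and the function name `audit_sdp` are constructed for illustration.

```python
import base64
import re

# Constructed SDP bodies (not captured traffic). The inline value is 30 bytes
# of sample data: 16-byte master key + 14-byte master salt (RFC 4568 layout).
SAMPLE_KEY = base64.b64encode(bytes(range(30))).decode()
SDES_OFFER = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 50000 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + SAMPLE_KEY + "|2^20",
]) + "\r\n"
ZRTP_OFFER = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 50000 RTP/AVP 0",
    "a=zrtp-hash:1.10 " + "ab" * 32,  # hash of the ZRTP Hello, no key material
]) + "\r\n"

CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)")

def audit_sdp(sdp):
    """Return one finding per m= section: what any hop reading the SDP learns."""
    findings, current = [], None
    for line in sdp.splitlines():
        if line.startswith("m="):
            kind, _port, proto = line[2:].split()[:3]
            current = {"media": kind, "transport": proto,
                       "sdes_keys": [], "zrtp_hash": False}
            findings.append(current)
        elif current is None:
            continue  # session-level lines before the first m= section
        elif line.startswith("a=zrtp-hash:"):
            current["zrtp_hash"] = True
        else:
            m = CRYPTO_RE.match(line)
            if m:
                raw = base64.b64decode(m.group(3))
                current["sdes_keys"].append({
                    "tag": int(m.group(1)), "suite": m.group(2),
                    "master_key": raw[:16].hex(),    # assumes a 128-bit suite
                    "master_salt": raw[16:].hex()})
    for f in findings:
        # SDES puts the SRTP master key in signaling, so the server holds it.
        f["key_visible_to_server"] = bool(f["sdes_keys"])
    return findings

if __name__ == "__main__":
    for name, sdp in (("SDES", SDES_OFFER), ("ZRTP", ZRTP_OFFER)):
        print(name, audit_sdp(sdp))
```
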