Actually it's not that bad: using SIP, the RTP packets can be protected by SRTP (RFC3711, with an opensource implementation from Cisco at http://srtp.sourceforge.net/ )
SRTP...heh. Take a look at RFC3711 for a second.
"
Specification of a key management protocol for SRTP is out of scope here. Section 8.2, however, provides guidance on the parameters that need to be defined for the default and mandatory transforms.
"
VOIP KEX. *shudders* Voice is...unique. Session redirection is a first class function, as is active proxying, up to and including proxies that are payload-destructive (conference stream mixing). KEX in such an environment is a really painful problem, compared to the relatively solvable one of specifying a loss-tolerant encryption protocol. So, they only solved the latter, and figured something would come along for the former.
Didn't really happen.
(Full Disclosure: I work for Avaya, whose had a proprietary KEX implementation that handles all of this for the last few years. So it's not an unsolvable problem or anything like that. It's just really annoyingly hard.)
--Dan
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
