> On Jul 19, 2025, at 11:59 PM, BENMOUSSA Yahia - Contractor via live-devel <[email protected]> wrote:
>
> Since the SRTP encryption key is exchanged using TLS, we need to guarantee
> maximum security for the TLS channel. We assume that if the TLS channel is
> trusted, so is SRTP.
>
> The private CAs are needed because our RTSP clients don't have access
> permissions to the system CA keystore.
>
> Moreover, it is not recommended to install a private CA file in the system wide CA
> keystore. This may be considered a security issue. Usually, the OS CA
> keystore contains only the public trusted CA files. If a given application
> doesn't want to use these public CAs, it should manage its own private CAs.

Sorry, but I don’t understand this ‘word salad’ (“system wide CA keystore”, etc.).

I still don’t understand why RTSP clients need to be given their own certificate (externally, before the TLS process even begins). Everybody else who uses RTSP with SRTP assumes that the RTSP servers have proper certificates installed. I don’t know what makes your environment different (special).

It seems that I’m going to have to rely on someone else giving me a good explanation, before I make any changes to the supplied LIVE555 code.

Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
