Re: [asterisk-users] End-To-End Secured Communications

2012-05-08 Thread Fernando Berretta

Dear Kevin,

Thanks for your answer.

At least in this case, only TOP DOGS must be encrypted End-To-End while
they are talking between them.. so Asterisk should be the right solution,
they would not take advantage of .. some Asterisk Features while they
are talking between them, but all other extensions and when they talk
with any other person, they would take full advantage of asterisk features.


I've read ZRTP works this way end-to-end and man in the middle is not
possible because end points negotiate security directly through RTP
which is gonna flow between end points directly. But.. only softphones
are available AFAIK

Is it possible to secure calls end-to-end with SRTP?

Thanks in advance.

Best Regards,

On 5/3/2012 9:22 AM, Kevin P. Fleming wrote:

> On 05/03/2012 07:17 AM, Fernando Berretta wrote:
>
>> Hi,
>>
>> I'm analyzing how to make Asterisk communications secured End-To-End,
>> and not sure which is the best approach, SRTP + TLS seems to be secured
>> but.. at least by default, doesn't appear to be End-To-End allowing
>> Asterisk administrators to wiretap communications.. some sites I've heard
>> that with SRTP is also possible End Points exchange keys between them
>> directly avoiding Man in the Middle, is it possible with asterisk ? how
>>
>> On the other hand I've found ZRTP seems to be secured end-to-end, but we
>> couldn't find any IP phones with support for it.. just SoftPhones
>>
>> Could someone please point me to the right direction ?
>
> This is a fundamental architectural issue with all back-to-back User
> Agents used in SIP networks. They are pretty much by definition a 'man
> in the middle'. If they are used, the administrators will have access
> to call signaling and media for all calls passing through them.
>
> It is also important to realize that if you want end-to-end media
> security, then you would not be able to use any of Asterisk's features
> that involve media handling (transcoding, recording,
> whispering/spying, music-on-hold, conferencing, etc.) Given that, what
> you really want is a pure SIP proxy like Kamailio or OpenSIPS.




--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users


Re: [asterisk-users] End-To-End Secured Communications

2012-05-03 Thread Kevin P. Fleming

On 05/03/2012 07:17 AM, Fernando Berretta wrote:

> Hi,
>
> I'm analyzing how to make Asterisk communications secured End-To-End,
> and not sure which is the best approach, SRTP + TLS seems to be secured
> but.. at least by default, doesn't appear to be End-To-End allowing
> Asterisk administrators to wiretap communications.. some sites I've heard
> that with SRTP is also possible End Points exchange keys between them
> directly avoiding Man in the Middle, is it possible with asterisk ? how
>
> On the other hand I've found ZRTP seems to be secured end-to-end, but we
> couldn't find any IP phones with support for it.. just SoftPhones
>
> Could someone please point me to the right direction ?


This is a fundamental architectural issue with all back-to-back User 
Agents used in SIP networks. They are pretty much by definition a 'man 
in the middle'. If they are used, the administrators will have access to 
call signaling and media for all calls passing through them.


It is also important to realize that if you want end-to-end media 
security, then you would not be able to use any of Asterisk's features 
that involve media handling (transcoding, recording, whispering/spying, 
music-on-hold, conferencing, etc.) Given that, what you really want is a 
pure SIP proxy like Kamailio or OpenSIPS.


--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kflem...@digium.com | SIP: kpflem...@digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
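
Added example (not part of the original thread, and not Asterisk, Kamailio or OpenSIPS code): a Python check that compares the SDP an endpoint sent with the SDP its peer received, to make the B2BUA versus pure-proxy difference described above visible. It assumes SDES-style `a=crypto` key exchange (RFC 4568); the function names, addresses and keys are constructed for illustration.

```python
def parse_sdp(sdp):
    """Extract the media address, audio port and SDES SRTP keys from an SDP body."""
    info = {"addr": None, "port": None, "keys": []}
    for line in sdp.strip().splitlines():
        line = line.strip()
        if line.startswith("c=IN IP4 ") and info["addr"] is None:
            info["addr"] = line.split()[2]
        elif line.startswith("m=audio "):
            info["port"] = int(line.split()[1])
        elif line.startswith("a=crypto:"):
            # a=crypto:<tag> <suite> inline:<key||salt>[|lifetime|mki]
            fields = line.split()
            if len(fields) >= 3 and fields[2].startswith("inline:"):
                info["keys"].append(fields[2][len("inline:"):].split("|")[0])
    return info


def media_path_findings(sent, received):
    """Compare what one endpoint sent with what its peer received."""
    a, b = parse_sdp(sent), parse_sdp(received)
    findings = []
    if (a["addr"], a["port"]) != (b["addr"], b["port"]):
        findings.append("media re-anchored: RTP flows via %s:%s" % (b["addr"], b["port"]))
    if a["keys"] and not b["keys"]:
        findings.append("SRTP stripped: far leg is unencrypted")
    elif a["keys"] != b["keys"]:
        findings.append("SRTP key differs: intermediary terminates encryption")
    elif a["keys"]:
        # Same key end to end, but it travelled inside the signaling.
        findings.append("SRTP key unchanged but visible to every signaling hop")
    return findings


def sample_sdp(addr, port, key):
    """Build a constructed SDP body (sample data, not a captured message)."""
    return ("v=0\no=- 1 1 IN IP4 %s\ns=-\nc=IN IP4 %s\nt=0 0\n"
            "m=audio %d RTP/SAVP 0\n"
            "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:%s\n" % (addr, addr, port, key))


CALLER_OFFER = sample_sdp("192.0.2.10", 40000, "A" * 40)  # what the caller sent
VIA_B2BUA = sample_sdp("198.51.100.5", 17000, "B" * 40)   # callee's view behind a B2BUA
VIA_PROXY = CALLER_OFFER                                  # pure proxy leaves the SDP body alone

if __name__ == "__main__":
    print(media_path_findings(CALLER_OFFER, VIA_B2BUA))
    print(media_path_findings(CALLER_OFFER, VIA_PROXY))
```

Even in the pure-proxy case the SDES key is carried in the SDP, so hop-by-hop TLS still lets each signaling hop read it; that is the gap ZRTP closes by negotiating keys in the media path.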



[asterisk-users] End-To-End Secured Communications

2012-05-03 Thread Fernando Berretta

Hi,


I'm analyzing how to make Asterisk communications secured End-To-End, 
and not sure which is the best approach, SRTP + TLS seems to be secured 
but.. at least by default, doesn't appear to be End-To-End allowing 
Asterisk administrators to wiretap communications.. some sites I've heard
that with SRTP is also possible End Points exchange keys between them 
directly avoiding Man in the Middle, is it possible with asterisk ? how


On the other hand I've found ZRTP seems to be secured end-to-end, but we 
couldn't find any IP phones with support for it.. just SoftPhones


Could someone please point me to the right direction ?

Thanks,
Fernando
