2 short questions about SDP encryption key, 1. According to the spec, the session negotiation only negotiates the key, not the algorithm used for encryption/decryption, What algorithm will be used? Is it decided by the application? 2. Another thing is that the session key negotiation sends key in clear text, which can be easily snooped by an attacker. Can we use TLS/SSL to encrypt the session KEY? If we use TLS/SSL, will it encrypt the whole TCP content(including the SIP header, SDP content)? Thanks a lot.
_______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
