VoIP Mailing List Archives
Mailing list archives for the VoIP community
[asterisk-users] srtp/dtls when sip is clear over lo


cloos at jhcloos.com
Posted: Fri Apr 25, 2014 6:21 pm    Post subject: [asterisk-users] srtp/dtls when sip is clear over lo

Given a box with a sip proxy listen(2)ing on 0.0.0.0 and chan_sip or
chan_pjsip listen(2)ing on 127.0.0.1, with ast sending rtp directly,
will ast negotiate srtp or dtls even if ast and the proxy speak sip in
the clear over the lo interface?

Avoiding encryption over lo can aid debugging, but will doing so also
block secure media?

-JimC
--
James Cloos <cloos@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
jcolp at digium.com
Posted: Fri Apr 25, 2014 7:24 pm    Post subject: [asterisk-users] srtp/dtls when sip is clear over lo

James Cloos wrote:
Quote:
Given a box with a sip proxy listen(2)ing on 0.0.0.0 and chan_sip or
chan_pjsip listen(2)ing on 127.0.0.1, with ast sending rtp directly,
will ast negotiate srtp or dtls even if ast and the proxy speak sip in
the clear over the lo interface?

Avoiding encryption over lo can aid debugging, but will doing so also
block secure media?

The media is not carried over the SIP signaling, it is negotiated using
SDP and flows over different ports. Unless you also do media
manipulation in the SIP proxy then it won't touch that.

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org

cloos at jhcloos.com
Posted: Sat Apr 26, 2014 5:30 pm    Post subject: [asterisk-users] srtp/dtls when sip is clear over lo

>>>>> "JColp" == Joshua Colp <jcolp@digium.com> writes:

JColp> The media is not carried over the SIP signaling,

Please give some credit, eh?

Given the sdp-negotiated srtp is not secure unless the sip is carried
over tls, the Best Practice is to require tls (or even sips: uris) to
agree to srtp.

Are you saying that asterisk doesn't care whether the sip is secure and
will happily negotiate srtp depending only on whether the remote is
willing to do so? (That may come off as harsh; I do not mean it to be
so, since it is what I want. :)

And does anyone here have any operational experience on the matter of
what other endpoints are willing to do in such cases?

Thanks,

-JimC
--
James Cloos <cloos@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6

jcolp at digium.com
Posted: Sat Apr 26, 2014 5:34 pm    Post subject: [asterisk-users] srtp/dtls when sip is clear over lo

James Cloos wrote:
Quote:
>>>>> "JColp" == Joshua Colp <jcolp@digium.com> writes:

JColp> The media is not carried over the SIP signaling,

Please give some credit, eh?

Given the sdp-negotiated srtp is not secure unless the sip is carried
over tls, the Best Practice is to require tls (or even sips: uris) to
agree to srtp.

If you are referring to SDES then yes, unless you can consider the
network completely trusted even without TLS.

Quote:
Are you saying that asterisk doesn't care whether the sip is secure and
will happily negotiate srtp depending only on whether the remote is
willing to do so? (That may come off as harsh; I do not mean it to be
so, since it is what I want. :)

Yes.

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
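
The SDES point in the reply above, as an added example that is not part of either poster's message or of Asterisk's code: it classifies how each media stream in an SDP body is keyed and reports whether an SDES key would cross an untrusted hop in cleartext. The SDP bodies, the key and fingerprint placeholders, and the `hops` model (one `(sip_transport, network_trusted)` pair per signaling hop) are constructed assumptions.

```python
# Constructed SDP bodies (sample data; key and fingerprint are placeholders).
SDES_OFFER = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 10000 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40,
])
DTLS_OFFER = "\r\n".join([
    "v=0", "o=- 2 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "a=fingerprint:sha-256 " + ":".join(["AB"] * 32),
    "m=audio 10002 UDP/TLS/RTP/SAVP 0", "a=setup:actpass",
])

def media_keying(sdp):
    """Return [(media, keying)] per m= section: 'sdes', 'dtls-srtp' or 'none'."""
    sections, session_fp = [], False
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            sections.append({"media": media, "proto": proto,
                             "crypto": False, "fp": session_fp})
        elif line.startswith("a=crypto:") and sections:
            sections[-1]["crypto"] = True      # SDES: master key is in the SDP
        elif line.startswith("a=fingerprint:"):
            if sections:
                sections[-1]["fp"] = True
            else:
                session_fp = True              # session-level, applies to all media
    result = []
    for s in sections:
        if s["fp"] and "TLS" in s["proto"].upper():
            keying = "dtls-srtp"               # key agreed in DTLS on the media path
        elif s["crypto"]:
            keying = "sdes"
        else:
            keying = "none"
        result.append((s["media"], keying))
    return result

def sdes_exposed(sdp, hops):
    """hops: [(sip_transport, network_trusted)] for every hop the SDP crosses."""
    uses_sdes = any(k == "sdes" for _, k in media_keying(sdp))
    clear_untrusted = any(t.lower() != "tls" and not trusted for t, trusted in hops)
    return uses_sdes and clear_untrusted
```

With cleartext SIP only on the trusted loopback hop and TLS from the proxy outward, `sdes_exposed(SDES_OFFER, [("udp", True), ("tls", False)])` is `False`; swap the outer hop to `("udp", False)` and it becomes `True`.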
cloos at jhcloos.com
Posted: Sun Apr 27, 2014 10:07 am    Post subject: [asterisk-users] srtp/dtls when sip is clear over lo

>>>>> "JColp" == Joshua Colp <jcolp@digium.com> writes:

Quote:
Quote:
Are you saying that asterisk doesn't care whether the sip is secure and
will happily negotiate srtp depending only on whether the remote is
willing to do so? (That may come off as harsh; I do not mean it to be
so, since it is what I want. :)

JColp> Yes.

Thanks!

-JimC
--
James Cloos <cloos@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6

All times are GMT - 5 Hours