Ben Klang wrote:

<snip>


The pjsip configuration keys are subtly different for SIP+TLS on the
transport vs. RTP+DTLS on the endpoint. Examples:

cert_file = X ; transport
dtls_cert_file = X ; endpoint
; dtls_ prefix, weird but ok - srtp doesn’t appear to have a
corresponding setting, so do we even need the prefix?

sdes again here.

Since SDES negotiates SRTP, it also uses certificates, right? I didn't notice 
any srtp_ prefixed config options. Does it use the dtls_ prefixed ones?

It does not. Each side generates a key and this is included in the SDP as the crypto attribute. That's why for SDES you need to protect the SIP signaling, or else someone will know your encryption key. In the case of DTLS since it's negotiated outside of the signaling it doesn't matter as much. The most they could see is the fingerprint of the certificate on each side.

Cheers,

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
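
The difference described in the reply above, as an added example that is not part of the original thread or of Asterisk: a small SDP audit that reports, per media section, whether the SRTP key itself travels in the signaling (SDES `a=crypto`) or only a certificate fingerprint does (DTLS `a=fingerprint`). The function name `audit_sdp` and both sample offers are constructed for illustration.

```python
import base64
import re

# a=crypto:<tag> <suite> inline:<base64 key||salt>[|lifetime][|MKI:len]  (RFC 4568)
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([A-Za-z0-9+/=]+)")
# a=fingerprint:<hash> <colon-separated hex>  (used by DTLS-SRTP)
FPRINT_RE = re.compile(r"^a=fingerprint:(\S+)\s+([0-9A-Fa-f:]+)")


def audit_sdp(sdp, signaling_encrypted):
    """Return one finding per m= section describing what the SDP reveals."""
    findings, session_fp, current = [], False, None
    for line in sdp.replace("\r\n", "\n").split("\n"):
        if line.startswith("m="):
            current = {"media": line[2:].split()[0], "secret_in_sdp": False,
                       "keying": "dtls" if session_fp else "none",
                       "key_exposed": False}
            findings.append(current)
        elif (m := CRYPTO_RE.match(line)) and current is not None:
            # SDES: the master key and salt are right here in the SDP body,
            # so they are only as private as the SIP transport carrying them.
            current.update(keying="sdes", suite=m.group(2), secret_in_sdp=True,
                           key_bytes=len(base64.b64decode(m.group(3))),
                           key_exposed=not signaling_encrypted)
        elif FPRINT_RE.match(line):
            # DTLS: only a certificate fingerprint is signaled; the SRTP keys
            # come from the DTLS handshake on the media path.
            if current is None:
                session_fp = True          # session-level, applies to all media
            elif current["keying"] == "none":
                current["keying"] = "dtls"
    return findings


# Constructed sample offers (addresses from documentation ranges, dummy key/fingerprint).
SDES_OFFER = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 10000 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40,
])
DTLS_OFFER = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.20", "s=-", "c=IN IP4 192.0.2.20", "t=0 0",
    "m=audio 10002 UDP/TLS/RTP/SAVP 0", "a=setup:actpass",
    "a=fingerprint:sha-256 " + ":".join(["AB"] * 32),
])

if __name__ == "__main__":
    for name, sdp in (("SDES", SDES_OFFER), ("DTLS", DTLS_OFFER)):
        for tls in (False, True):
            print(name, "signaling over TLS:", tls, audit_sdp(sdp, tls))
```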
