Re: [Asterisk-Security] adding a TCP support to Asterisk ....

Sat, 15 Jul 2006 07:18:29 -0700 

Yes, it will be soon possible to secure SIP over UDP with DTLS. However, as
you say, its use with SIP is still at draft stage.
Then again, even SIP over TLS, which has been officialized four years ago by RFC 3261, still has very limited support by manufacturers :-( 

Enzo
----- Original Message ----- From: "Marc Blanchet" <[EMAIL PROTECTED]> 
Sent: Saturday, July 15, 2006 9:23 PM


however, that statement (TCP gives TLS) is no longer true since TLS  over
UDP (DTLS) is now defined (RFC4347) and sip using DTLS is in draft.

Marc.

Le 06-07-14 à 09:08, Enzo Michelangeli a écrit :


----- Original Message ----- From: "Bret McDanel" <[EMAIL PROTECTED]>
Sent: Friday, July 14, 2006 9:05 PM


On Fri, 2006-07-14 at 05:49 -0700, vivek relan wrote:

Hi everybody,

                If we add the TCP support to the Asterisk, will it
provide same voice quality and what will be the impact on delay,
security and performance ?

                Waiting for the suggestion !!!



If you have a dropped packet it will cause horrible delay until that
packet is retransmitted.  Basically its not advisable for things that
can tolerate some packet loss and require 'real time' processing.


Well, TCP should be used as transport for the SIP signalling,  rather
than for the media data. The main advantage of using TCP is  that TLS
becomes immediately available as security layer ("sips"  URI's) so the
session key used to secure the media data with SRTP
(http://srtp.sourceforge.net/srtp.html ) can be easily transmitted  as
cleartext (encapsulated in TLS) rather than having to rely on  awkward
content encryption schemes such as S/MIME.

Of course, this all applies to SIP sessions, not IAX2.

Enzo

_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

Asterisk-Security mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-security




=========
IPv6 book: Migrating to IPv6, Wiley, 2006. http://www.ipv6book.ca



_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

Asterisk-Security mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-security



_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

Asterisk-Security mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-security

Reply via email to