Thank you for clarifying it, now I have some clues in my hands. I tried to look up these things but my knowledge was so insufficient that I didn't understand the whole thing.
On 17-01-11 22:08:34, Adrian Georgescu wrote: > TLS is only used for signaling, that is to start the call. Regardless of TLS > or other plain text transport, the server always know who and when your > calling otherwise it cannot route the SIP packets to the destination. TLS is > good against external parties that may tap into your network and this is it, > but this is th last of your worries in today’s environment > > Media is where your audio/video goes. Media is not using TLS, is separate > from signaling. > > SDES is a mechanism used for exchanging the key used to encrypt the media > path. The server has access to this key because is present in the siganling. > But when using ZRTP instead of SDES, the server does not, and nobody can > decrypt the media unless it is able to hack on of the end-points. > > All these are documented standards, you can find how they work easily. > > Adrian > > > > On 11 Jan 2017, at 21:48, Mike Nagie <[email protected]> wrote: > > > > Thank you for your help! > > > > On 17-01-10 17:22:55, Adrian Georgescu wrote: > >> > >>> Could I establish an encrypted connection between GXP1625 and Blink? > >> > >> It depends what encryption your hard phone uses. Blink supports SDES > >> (server has access to the key) and ZRTP (end-to-end encryption and key > >> exchange). I doubt the hard-phones implement ZRTP, typically they use SEDS > >> which is broken by design. > >> > >> Practically if you want encryption where no intermediaries can listen in, > >> you must use ZRTP. > > > > It says the device supports SRTP and TLS. > > SRTP almost looks like ZRTP, but I assume they are not compatible at > > all. > > I don't quite understand this. Why do I need a second encryption and a > > second lock icon in Blink if the whole connection is encrypted with TLS?! > > I imagine TLS as an encrypted tube and data are decrypted at the > > receiver. No one can eavesdrop. > > Don't get me wrong. I'm happy with the double locks. I feel safe. > > > >> > >>> (I would say yes, Sip is Sip, but I couldn't connect to the Ekiga server > >>> with Blink. > >> > >> Is easy to see why, just open the Logs window an you can see what is wrong. > > > > > > I think that's it: > > > > 2017-01-11 21:13:20.377948 [blink 18052]: DNS lookup NAPTR ekiga.net > > failed: DNS response contains no answer > > 2017-01-11 21:13:20.388680 [blink 18052]: DNS lookup TXT xcap.ekiga.net > > failed: DNS record does not exist > > 2017-01-11 21:13:20.400012 [blink 18052]: DNS lookup SRV > > _sips._tcp.ekiga.net failed: DNS record does not exist > > 2017-01-11 21:13:20.403648 [blink 18052]: DNS lookup SRV > > _sip._udp.ekiga.net succeeded, ttl=86400: 0 0 5060 ekiga.net. > > 2017-01-11 21:13:20.404331 [blink 18052]: DNS lookup A ekiga.net. > > succeeded, ttl=86176: 86.64.162.35 > > 2017-01-11 21:13:20.413414 [blink 18052]: DNS lookup SRV > > _sips._tcp.ekiga.net failed: DNS record does not exist > > 2017-01-11 21:13:20.413796 [blink 18052]: DNS lookup SRV > > _sip._udp.ekiga.net succeeded, ttl=86400: 0 0 5060 ekiga.net. > > 2017-01-11 21:13:20.414049 [blink 18052]: DNS lookup A ekiga.net. > > succeeded, ttl=86176: 86.64.162.35 > > 2017-01-11 21:13:20.439087 [blink 18052]: DNS lookup SRV > > _sip._tcp.ekiga.net failed: DNS record does not exist > > 2017-01-11 21:13:20.439459 [blink 18052]: DNS lookup SRV > > _sip._udp.ekiga.net succeeded, ttl=86400: 0 0 5060 ekiga.net. > > 2017-01-11 21:13:20.439710 [blink 18052]: DNS lookup A ekiga.net. > > succeeded, ttl=86176: 86.64.162.35 > > 2017-01-11 21:13:20.452356 [blink 18052]: DNS lookup SRV > > _sip._tcp.ekiga.net failed: DNS record does not exist > > 2017-01-11 21:13:20.463967 [blink 18052]: SENDING: Packet 3, +0:01:17.216134 > > > >>> Thanks a lot! > >>> _______________________________________________ > >>> Blink mailing list > >>> [email protected] > >>> http://lists.ag-projects.com/mailman/listinfo/blink > >>> > >> > >> _______________________________________________ > >> Blink mailing list > >> [email protected] > >> http://lists.ag-projects.com/mailman/listinfo/blink > > > > _______________________________________________ > > Blink mailing list > > [email protected] > > http://lists.ag-projects.com/mailman/listinfo/blink > > > > _______________________________________________ > Blink mailing list > [email protected] > http://lists.ag-projects.com/mailman/listinfo/blink -- You may be a victim of software counterfeiting _______________________________________________ Blink mailing list [email protected] http://lists.ag-projects.com/mailman/listinfo/blink
