
Re: [Linphone-developers] Question About Security Feature


From: Werner Dittmann
Subject: Re: [Linphone-developers] Question About Security Feature
Date: Sat, 02 Feb 2013 08:11:35 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0

Am 01.02.2013 21:39, schrieb Mohamad Mansouri:
> hello dears
> I am confused about the security feature in the Linphone app:
> ZRTP is a key management and agreement protocol and SRTP is a security profile
> for the RTP protocol. SRTP gets its needed security parameters from another
> protocol such as ZRTP or MIKEY or SDES, ok?

Yes, correct.

> now when we choose SRTP in the encryption menu, not ZRTP, where does SRTP find its
> needed security parameters, such as the key for the AES algorithm? Or in another
> situation, using ZRTP alone, how could I secure my call while SRTP is not activated?

ZRTP activates and uses SRTP implicitly if you enable ZRTP.

Without knowing the Linphone implementation in detail, my guess is that if you
only enable SRTP then Linphone uses SDES to exchange the crypto information. In
this case it is mandatory that you use an encrypted SIP connection (SIPS) and a
trustworthy SIP server/SIP proxy. SDES exchanges the crypto data (keys for
example) in clear text in the SIP/SDP data. Therefore not using encrypted SIP
moots security. Also keep in mind: the encrypted SIP (SIPS) only encrypts the
data between the client and the SIP server/proxy, thus the SIP server/proxy
knows about all the keys!

ZRTP uses the media channel, end-to-end, directly between clients to negotiate
the keys etc. and it's much more secure in that regard.

Werner




-- 
----------------------------------------------
Werner Dittmann    address@hidden
Tel +49 173 44 37 659
PGP key: 82EF5E8B
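
The SDES exposure described in the message above, as an added example that is not part of the original message and not Linphone code: a small audit that parses the RFC 4568 `a=crypto` lines of an SDP body and reports who can read the SRTP keys for a given SIP hop transport. The SDP body, the key material, the function names and the `transport` parameter are constructed for illustration.

```python
import base64
import re

# Constructed master key (16 bytes) + master salt (14 bytes); not a real key.
_KEY_SALT = base64.b64encode(bytes(range(30))).decode()

# Constructed SDP offer of the kind SDES produces (RFC 4568 a=crypto line).
SAMPLE_SDP = (
    "v=0\r\n"
    "o=alice 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 7078 RTP/SAVP 0\r\n"
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{_KEY_SALT}|2^20\r\n"
)

# a=crypto:<tag> <crypto-suite> inline:<base64 key||salt>[|lifetime][|MKI:len]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)", re.M)


def parse_sdes(sdp):
    """Return every SDES key offer found in an SDP body."""
    offers = []
    for tag, suite, b64 in CRYPTO_RE.findall(sdp):
        raw = base64.b64decode(b64)
        # AES_CM_128 suites: 16-byte master key followed by 14-byte master salt.
        offers.append({"tag": int(tag), "suite": suite,
                       "key": raw[:16], "salt": raw[16:30]})
    return offers


def audit(sdp, transport):
    """Classify who can read the SRTP keys, given the SIP hop transport."""
    if not parse_sdes(sdp):
        return "no-sdes"
    if transport.upper() != "TLS":
        # Plain SIP: the key travels in clear text in the SIP/SDP data.
        return "keys-readable-on-the-wire"
    # SIPS protects only client <-> server/proxy, so the proxy sees the keys.
    return "keys-readable-by-sip-proxy"
```

Neither result for an SDES offer is end-to-end: TLS on the SIP hop only moves the exposure from the wire to the SIP server/proxy.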


