On Apr 9, 2024, at 7:25 PM, David Cunningham via sr-users sr-users@lists.kamailio.org wrote:
Thank you very much for the information. In our Kamailio configuration the rtpengine_manage() lines have "SDES-off", so presumably then we are using DTLS?
Exactly so. My response was more presumptuous than Richard's, because SDES has fallen out of fashion.
Are either SDES or DTLS considered more secure or "better" in any way?
Exchanging keys directly in the SDP body is rather suboptimal from a security standpoint, even if the signalling is encrypted, but it's certainly simpler.
I suppose that makes DTLS "more secure", but in every other sense, I'm not sure DTLS is "better". W3C WebRTC standards mandate DTLS-SRTP, as far as I know, so I suppose it's more fit for that purpose.
-- Alex