10 Apr
2024
10 Apr
'24
6:14 a.m.
On Apr 9, 2024, at 7:25 PM, David Cunningham via
sr-users <sr-users(a)lists.kamailio.org> wrote:
Thank you very much for the information. In our Kamailio configuration the
rtpengine_manage() lines have "SDES-off", so presumably then we are using DTLS?
Exactly so. My response was more presumptuous than Richard's, because SDES has fallen
out of fashion.
Are either SDES or DTLS considered more secure or
"better" in any way?
Exchanging keys directly in the SDP body is rather suboptimal from a security standpoint,
even if the signalling is encrypted, but it's certainly simpler.
I suppose that makes DTLS "more secure", but in every other sense, I'm not
sure DTLS is "better". W3C WebRTC standards mandate DTLS-SRTP, as far as I know,
so I suppose it's more fit for that purpose.
-- Alex
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web: https://evaristesys.com
Tel: +1-706-510-6800