Hello,
On 01/04/2009 04:22 PM, Aymeric Moizard wrote:
> [...]
> Let's describe a case:
> I send an INVITE and encrypt the SDP. I'm behind a symmetric NAT. I'm
> calling somebody (a UA of course) who is able to decrypt it.
> Whatever trick you provide, I will not always have voice (except
> if ICE is supported or if the NATs are kind to me)
> Conclusion: I'm forced to provide UA and ask my customer to NOT encrypt
> their signalling. NEVER encrypt their signalling.
Do you mean end-to-end encryption just for SDP? Going over NAT using TLS
is just fine.
Still, you can encrypt parts of the SDP; just the signaling coordinates
for RTP need to be clear. Some of those details are part of other SIP
headers, and the content of the media stream can be SRTPed.
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://www.asipto.com
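
The point about clear RTP coordinates, as an added sketch that is not part of the original message or of any project's code: an intermediary can only point media at a relay if it can read the SDP c=/m= lines. The function name, the relay address and port, and both sample bodies are constructed for illustration; only IPv4 c= lines are handled.

```python
import ipaddress

# Constructed sample offer from a UA behind NAT (private address in c=).
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20",
    "s=-",
    "c=IN IP4 192.168.1.20",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=rtpmap:0 PCMU/8000",
]) + "\r\n"

# Constructed placeholder standing in for an end-to-end encrypted body.
OPAQUE_BODY = "<encrypted SDP, unreadable to intermediaries (placeholder)>"


def _is_private_c(line):
    """True for an IPv4 connection line carrying a non-routable address."""
    prefix = "c=IN IP4 "
    if not line.startswith(prefix):
        return False
    try:
        addr = line[len(prefix):].split("/")[0].strip()
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False  # hostname or malformed value: leave it alone


def rewrite_media_coordinates(body, relay_ip, relay_port):
    """Rewrite c=/m= to a media relay (hypothetical helper).

    Returns (body, changed). changed is False when no readable private
    c= line exists, e.g. the body is encrypted end to end, so the relay
    cannot be inserted and the body is returned untouched.
    """
    lines = body.split("\r\n")
    if not any(_is_private_c(l) for l in lines):
        return body, False
    out = []
    for line in lines:
        if _is_private_c(line):
            line = f"c=IN IP4 {relay_ip}"
        elif line.startswith("m="):
            parts = line.split(" ")
            if len(parts) >= 4 and parts[1].isdigit():
                parts[1] = str(relay_port)  # only the port changes
                line = " ".join(parts)
        out.append(line)
    return "\r\n".join(out), True
```

Only the connection address and media port are touched; the media attributes pass through unchanged, which matches the split between clear coordinates and SRTP-protected media content.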