8 Jan
2009
8 Jan
'09
1:38 p.m.
Hello,
On 01/04/2009 04:22 PM, Aymeric Moizard wrote:
[...] Let's describe a case:
I send an INVITE and encrypt the SDP. I'm behind a symmetric NAT. I'm calling somebody (a UA of course) who is able to decrypt it.
Whatever trick you provide, I will not have always voice (except if ICE is supported or if the NAT are kind with me)
Conclusion: I'm forced to provide UA and ask my customer to NOT encrypt their signalling. NEVER encrypt their signalling.
do you mean end-to-end encryption just for SDP? Going over NAT using TLS is just fine.
Still you can encrypt parts of the SDP, just the signaling coordinates for RTP need to be clear. Some of those details are part of other SIP headers, the content of media stream can be SRTPed.
Cheers, Daniel
--
Daniel-Constantin Mierla
http://www.asipto.com