Dan Wing wrote:
You understood it right. However, I am not as convinced that
all methods do support this requirement. E.g., how would ZRTP
support a PSTN GW? How would a user be able to read the SAS
as a PSTN user?
Right, the SAS can't be displayed and the user can't read it to
the other user. Of course, once the PSTN is involved there no
longer is end-to-end encryption, so even if you could read the
SAS it (and SRTP) only protects the VoIP portion of the call.
But, to provide some security in such a situation zrtp-03
introduced the ability to sign the exchange using a
certificate. This certificate could be exchanged in, or
referenced in, SIP signaling (although how this is done isn't
specified in zrtp-03). By doing this, a PSTN gateway could
perform SAS validation on behalf of the user who cannot
perform SAS validation.
A similar technique could be used when modems or fax machines
are involved; they also cannot recite the SAS.
For when there is no human involved, there's also the option of the
applications comparing the SAS over an integrity-protected signaling
channel using the a=zrtp-sas SDP attribute. This has been in the
protocol since zrtp-02.
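The signaling-side comparison described above, as an added illustration that is not part of this thread: the peer's SAS is carried in SDP, the local endpoint extracts it and compares it with its own computed SAS, and the absence of the attribute (a PSTN gateway or legacy peer) is treated as "unverified" rather than as a match. The exact value syntax of a=zrtp-sas and the sample SAS strings are assumptions; the check only means something if the signaling path itself is integrity-protected, as the post says.

```python
import hmac


def parse_sdp_attributes(sdp: str) -> dict:
    """Collect a=name:value lines from an SDP body into a dict (minimal parser, constructed here)."""
    attrs = {}
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("a=") and ":" in line:
            name, value = line[2:].split(":", 1)
            attrs[name.strip().lower()] = value.strip()
    return attrs


def check_sas_via_signaling(sdp: str, local_sas: str) -> str:
    """Compare the SAS the peer sent in signaling with the locally computed SAS.

    Returns 'verified' on a match, 'mismatch' on a differing value, and
    'unverified' when no a=zrtp-sas attribute is present (e.g. a PSTN gateway
    or a peer that predates the attribute), so the caller can fall back to a
    human readout or a certificate-signed exchange instead of assuming success.
    """
    remote_sas = parse_sdp_attributes(sdp).get("zrtp-sas")
    if remote_sas is None:
        return "unverified"
    # Constant-time comparison; case-insensitive because the SAS is a short
    # human-readable string and the value syntax is assumed, not taken from the draft.
    if hmac.compare_digest(remote_sas.lower().encode(), local_sas.lower().encode()):
        return "verified"
    return "mismatch"


# Constructed sample SDP bodies (addresses from the documentation range, SAS values made up)
SDP_WITH_SAS = (
    "v=0\r\no=- 1 1 IN IP4 192.0.2.1\r\ns=-\r\n"
    "m=audio 49170 RTP/SAVP 0\r\na=zrtp-sas:jade2\r\n"
)
SDP_WITHOUT_SAS = (
    "v=0\r\no=- 1 1 IN IP4 192.0.2.2\r\ns=-\r\n"
    "m=audio 49172 RTP/AVP 0\r\n"
)

if __name__ == "__main__":
    print(check_sas_via_signaling(SDP_WITH_SAS, "jade2"))      # verified
    print(check_sas_via_signaling(SDP_WITH_SAS, "abcd"))       # mismatch
    print(check_sas_via_signaling(SDP_WITHOUT_SAS, "jade2"))   # unverified
```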