
Re: Some views on Secure RTP




Hi All,

I have been following the discussion thread and I completely agree with Craig on the virtues of using ZRTP. The ease of use of the protocol to the end user cannot be understated and is the motivation for adding ZRTP protocol support in Asterisk PBX. The implementation has been smooth and the feedback has been rewarding. As a PBX the Asterisk system will play host to a large number of users and we need an easy-to-use solution for security. The verification by SAS and forward security are easily understood by the vast majority of users and they are not daunted by Certificates or Revocation Lists. I do hope that the IETF decides on ZRTP as the protocol of choice for keying, to secure voice applications and calls.


Regards,
Sagar Pai

On 13 Mar 2007, at 8:24 PM, Craig Southeren wrote:


To all,

I've been following the progress of secure RTP for some time, because I
am interested in the technology and because my customers demand it. I
thought I'd share my views now before the Prague IETF meeting in the
hope that perhaps they may be of interest to those who make the decisions.

I'm seeing the same reasons over and over for why my customers prefer
ZRTP. Frankly, I'm hard pressed to see why I should disagree.

1) ZRTP allows ad-hoc authentication without the need for a PKI. This
reduces the risk for enterprises as it does not require the installation of a time intensive and expensive PKI. But, it can be upgraded easily to
use a PKI when and if required.

2) Because it is contained completely within the RTP media channel, ZRTP can cross signalling protocol boundaries with no changes to the signalling
infrastructure. Making a ZRTP call from a SIP endpoint to a H.323
endpoint is trivial even when the signalling entities do not have any
facility for including the additional messaging.

3) The alternatives to ZRTP all seem to specify a dizzying array of
keying options that require changes to the signalling channel which are
mostly "yet to be defined". As an example, the capabilities for
H.235.SRTP are nonsensically complex, and I'm still waiting for a clear
leader for SIP keying.

I'm in the process of adding support for ZRTP into the OPAL open source
infrastructure, where it will be available for SIP and H.323 calls. In
fact, as most of the changes are in the RTP stack only, there are
applications that will get ZRTP support simply because they use the OPAL
RTP stack, even though they use other signalling protocols.

The integration using Phil's SDK has been mostly smooth sailing so far.
The only limiting factor so far has been my available time :)

   Craig

-----------------------------------------------------------------------
 Craig Southeren
 Post Increment – VoIP Consulting and Software
 craigs@xxxxxxxxxxxxxxxxxxxx
 www.postincrement.com.au

 Phone:  +61 243654666      ICQ: #86852844
 Fax:    +61 243656905      MSN: craig_southeren@xxxxxxxxxxx
 Mobile: +61 417231046      Jabber: craigs@xxxxxxxxxx

 "It takes a man to suffer ignorance and smile.
  Be yourself, no matter what they say."   Sting



