[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Some views on Secure RTP
I have been following the discussion thread and I completely agree
with Craig on the virtues of using ZRTP. The ease of use of the
protocol to the end user cannot be understated and is the motivation
for adding ZRTP protocol support in Asterisk PBX. The implementation
has been smooth and the feedback has been rewarding. As a PBX the
Asterisk system will play host to a large number of users and we
need an easy to use solution for security. The verification by SAS
and forward security is easily understood by the vast majority of
users and they are not daunted by Certificates or Revocation Lists. I
do hope that IETF decides on ZRTP as the protocol of choice for
keying, to secure voice applications and calls.
On 13 Mar 2007, at 8:24 PM, Craig Southeren wrote:
I've been following the progress of secure RTP for some time,
I am interested in the technology and because my customers demand
thought I'd share my views now before the Prague IETF meeting in the
hope that perhaps they may be interest to those who make the
I'm seeing the same reasons over and over for why my customers
ZRTP. Frankly, I'm hard pressed to see why I should disagree.
1) ZRTP allows ad-hoc authentication without the need for a PKI. This
reduces the risk for enterprises as it does not require the
of a time intensive and expensive PKI. But, it can be upgraded
use a PKI when and if required.
2) Because it is contained completely within the RTP media channel,
can cross signalling protocol boundaries with no changes to the
infrastructure. Making a ZRTP call from a SIP endpoint to a H.323
endpoint is trivial even when the signalling entities do not have any
facility for including the additional messaging
3) The alternatives to ZRTP all seem to specify a dizzying array of
keying options that require changes to signalling channel which are
mostly "yet to be defined". As an example, the capabilities for H.
are nonsensically complex, and I'm still waiting for a clear leader
I'm in the process of adding support for ZRTP into the OPAL open
infrastructure, where it will be available for SIP and H.323 calls. In
fact, as most of the changes are only in the RTP stack only, there are
applications that will get ZRTP support simply because the use the
RTP stack, even though they use other signalling protocols.
The integration using Phils SDK has been mostly smooth sailing so far.
The only limiting factor so far as been my available time :)
Craig Southeren Post Increment – VoIP Consulting and
Phone: +61 243654666 ICQ: #86852844
Fax: +61 243656905 MSN: craig_southeren@xxxxxxxxxxx
Mobile: +61 417231046 Jabber: craigs@xxxxxxxxxx
"It takes a man to suffer ignorance and smile.
Be yourself, no matter what they say." Sting
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.