Re: Some views on Secure RTP

[Werner Dittmann <Werner.Dittmann@xxxxxxxxxxx>]

David McGrew wrote:
>
.... deleted .....

>> I'm in the process of adding support for ZRTP into the OPAL open source
>> infrastructure, where it will be available for SIP and H.323 calls. In
>> fact, as most of the changes are only in the RTP stack only, there are
>> applications that will get ZRTP support simply because the use the OPAL
>> RTP stack, even though they use other signalling protocols.
> 
> Do you think that code re-use of TLS would be useful?  Those signaling
> protocols use [D]TLS to provide their security, and I believe that
> openh323 uses openssl.  There is a DTLS-SRTP implementation in a contrib
> branch of openssl (it compiles with libsrtp); I'd be happy to point it
> out to you if you want to check out it.

Regarding reuse of code and proven implemetations: my open source
implementation of ZRTP uses openSSL or libgcrypt (can be selected according
to what is available or which license shall be used) to do the real
"hard work"; SHA-*, HMAC, crypto algorithms. The ZRTP implementation
as such is responsible for the protocol state engine, packet formats, etc.
>From that point of view ZRTP is as reliable and secure as the openSSL
or libgcrypt implementations of the security functions.

Regards,
Werner


> 
> best regards,
> 
> David
> 
>>
>> The integration using Phils SDK has been mostly smooth sailing so far.
>> The only limiting factor so far as been my available time :)
>>
>>    Craig
>>
>> -----------------------------------------------------------------------
>>  Craig Southeren          Post Increment – VoIP Consulting and Software
>>  craigs@xxxxxxxxxxxxxxxxxxxx                   www.postincrement.com.au
>>
>>  Phone:  +61 243654666      ICQ: #86852844
>>  Fax:    +61 243656905      MSN: craig_southeren@xxxxxxxxxxx
>>  Mobile: +61 417231046      Jabber: craigs@xxxxxxxxxx
>>
>>  "It takes a man to suffer ignorance and smile.
>>   Be yourself, no matter what they say."   Sting
>>
> 
>