[SR-Users] Eavesdropping SRTP sessions
Mino Haluz
mino.haluz at gmail.com
Tue Nov 27 21:38:43 CET 2012
Hi,
maybe it is not that kamailio related question, but I dont know any other
place with such good voip professionals ;) I have kamailio and mediaproxy.
Clients are BudgetTone 200 (Grandstream) and CSipSimple. I am forcing
clients to use SRTP but it does not support adding any certificate on both
sides. SRTP call is working fine.
The question is, in this case, is man-in-the-middle attack possible? Maybe
I should study SRTP more, but basically, if there are no certificates,
there is no method how to be 100% sure that the media goes directly between
clients. Is it true?
Thanks for response,
Mino
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20121127/9cf3ef6b/attachment.htm>
More information about the sr-users
mailing list