[SR-Users] Supporting TLS and DTLS in RTP Proxy

Andrew Pogrebennyk apogrebennyk at sipwise.com
Tue Oct 16 11:24:00 CEST 2012


Kamal,
perhaps RFC 5763 provides you some of the answers?

On 10/16/2012 11:06 AM, Kamal Palei wrote:
> Hi Johansson, All
> Sincere regards and thanks for input.
>  
> As I understand, all media packets pass through RTP Proxy. The RTP
> Proxy will receive simple UDP media packets from endpoints. Next, the RTP
> proxy today passes those RTP packets to the destination party.
>  
> My job is precisely to support TLS and DTLS path between RTP Proxy and
> destination party. In my setup the destination party is a media server.
>  
> Do you really see a risk in having this setup? If so, please elaborate.
>  
> I understand the challenge here is to set up a TLS/DTLS connection with the media
> server and send/recv media packets with the server using either TLS or DTLS.
>  
> Also you mentioned "There's also solutions for RTP over DTLS", can you
> please share where I can get the reference solution? It would help me to
> a great extent.
>  
> Best Regards
> Kamal
> 
> On Tue, Oct 16, 2012 at 12:08 AM, Olle E. Johansson <oej at edvina.net> wrote:
> 
> 
>     On 15 Oct 2012 at 13:24, Peter Lemenkov <lemenkov at gmail.com> wrote:
> 
>     > Hello.
>     >
>     > 2012/10/15 Kamal Palei <palei.kamal at gmail.com>:
>     >> Hi All
>     >> I am planning to enhance RTP proxy to support TLS and DTLS.
>     >> We have some requirements where we need to send RTP packets either over TLS
>     >> or over DTLS.
>     >
>     > Shouldn't it be better to rely on SRTP/ZRTP instead rather than making
>     > your own incompatible realisation?
> 
>     SRTP uses DTLS for key exchange. There's also solutions for RTP over DTLS,
>     but the recommended way is DTLS+SRTP. This is what's standardized for WebRTC,
>     and the way forward for SIP media as well.
> 
>     However, I don't see how RTPproxy can be the endpoint for DTLS key exchange,
>     since it breaks the end2end path. Clients should use TURN relays...
> 
>     Curious on how you see this working!
>     /O
>     _______________________________________________
>     SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>     sr-users at lists.sip-router.org
>     http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> 
> 
> 
> 
> 



