[SR-Users] Supporting TLS and DTLS in RTP Proxy

Klaus Darilion klaus.mailinglists at pernau.at
Tue Oct 16 13:28:33 CEST 2012


Not sure if this RFC is the thing Kamal is looking for. AFAIS this RFC 
is about setting up an SRTP session, and the key exchange for the SRTP 
session does not happen via SIP (like SDES), but via a DTLS session 
which is performed before sending SRTP packets multiplexed on the media 
ports.

regards
Klaus

On 16.10.2012 11:24, Andrew Pogrebennyk wrote:
> Kamal,
> perhaps RFC 5763 provides you some of the answers?
>
> On 10/16/2012 11:06 AM, Kamal Palei wrote:
>> Hi Johansson, All
>> Sincere regards and thanks for input.
>>
>> As I understand,  all media packets pass through RTP Proxy.  The RTP
>> Proxy will receive simple UDP media packets from endpoints. Next RTP
>> proxy today passes those RTP packets to destination party.
>>
>> My job is precisely to support TLS and DTLS path between RTP Proxy and
>> destination party. In my setup the destination party is a media server.
>>
>> Do you really see a risk to have this setup? If so, please elaborate.
>>
>> I understand here the challenge setup TLS/DTLS connection with media
>> server and send/recv media packets with server using either TLS or DTLS.
>>
>> Also you mentioned "There's also solutions for RTP over DTLS" , can you
>> please share from where I can get the reference solution, it will help me to
>> a great extent.
>>
>> Best Regards
>> Kamal
>>
>> On Tue, Oct 16, 2012 at 12:08 AM, Olle E. Johansson <oej at edvina.net> wrote:
>>
>>
>>      On 15 Oct 2012 at 13:24, Peter Lemenkov <lemenkov at gmail.com> wrote:
>>
>>      > Hello.
>>      >
>>      > 2012/10/15 Kamal Palei <palei.kamal at gmail.com>:
>>      >> Hi All
>>      >> I am planning to enhance RTP proxy to support TLS and DTLS.
>>      >> We have some requirements where we need to send RTP packets either over TLS
>>      >> or over DTLS.
>>      >
>>      > Shouldn't it be better to rely on SRTP/ZRTP instead rather than making
>>      > your own incompatible realisation?
>>
>>      SRTP use DTLS for key exchange. There's also solutions for RTP over DTLS,
>>      but the recommended way is DTLS+SRTP. This is what's standardized for WebRTC,
>>      and the way forward for SIP media as well.
>>
>>      However, I don't see how RTPproxy can be the endpoint for DTLS key exchange, since
>>      it breaks the end2end path. Clients should use TURN relays...
>>
>>      Curious on how you see this working!
>>      /O
>>      _______________________________________________
>>      SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>      sr-users at lists.sip-router.org
>>      http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
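
The multiplexing described at the top of this message (DTLS handshake and SRTP sharing the media port) means a receiver has to sort each datagram before handling it. The following is an added example, not part of the original thread and not RTPproxy code; it applies the first-byte rule from RFC 5764 section 5.1.2 (the companion to RFC 5763), and the function name and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum pkt_class { PKT_UNKNOWN, PKT_STUN, PKT_DTLS, PKT_SRTP, PKT_SRTCP };

/* Classify one datagram received on the media port.
 * First-byte ranges are the RFC 5764 section 5.1.2 rule:
 *   0..1 STUN, 20..63 DTLS, 128..191 RTP/RTCP.
 * RTP and RTCP are told apart by the second byte (RFC 5761):
 * 192..223 is an RTCP packet type. Anything else is rejected,
 * as is any packet shorter than its protocol's fixed header. */
enum pkt_class classify_media_packet(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 2)
        return PKT_UNKNOWN;
    if (buf[0] <= 1)                         /* STUN header: 20 bytes */
        return len >= 20 ? PKT_STUN : PKT_UNKNOWN;
    if (buf[0] >= 20 && buf[0] <= 63)        /* DTLS record header: 13 bytes */
        return len >= 13 ? PKT_DTLS : PKT_UNKNOWN;
    if (buf[0] >= 128 && buf[0] <= 191) {
        if (buf[1] >= 192 && buf[1] <= 223)  /* RTCP header + SSRC: 8 bytes */
            return len >= 8 ? PKT_SRTCP : PKT_UNKNOWN;
        return len >= 12 ? PKT_SRTP : PKT_UNKNOWN;  /* RTP header: 12 bytes */
    }
    return PKT_UNKNOWN;
}

/* Constructed sample datagrams (headers only, zero-filled bodies). */
static const uint8_t sample_stun[20] = { 0x00, 0x01, 0x00, 0x00, 0x21, 0x12, 0xA4, 0x42 };
static const uint8_t sample_dtls[13] = { 0x16, 0xFE, 0xFF };       /* handshake, DTLS 1.0 */
static const uint8_t sample_srtp[12] = { 0x80, 0x00 };             /* V=2, PT 0 */
static const uint8_t sample_srtcp[8] = { 0x80, 0xC8 };             /* V=2, sender report */
static const uint8_t sample_short[4] = { 0x16, 0xFE, 0xFF, 0x00 }; /* truncated DTLS */

int main(void)
{
    static const char *names[] = { "unknown", "STUN", "DTLS", "SRTP", "SRTCP" };
    printf("%s %s %s %s %s\n",
           names[classify_media_packet(sample_stun, sizeof sample_stun)],
           names[classify_media_packet(sample_dtls, sizeof sample_dtls)],
           names[classify_media_packet(sample_srtp, sizeof sample_srtp)],
           names[classify_media_packet(sample_srtcp, sizeof sample_srtcp)],
           names[classify_media_packet(sample_short, sizeof sample_short)]);
    return 0;
}
```

A relay that is not itself the DTLS endpoint would forward the DTLS and SRTP classes unchanged in both directions and discard the unknown class.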


