[Kamailio-Users] stun/outbound draft...
Daniel-Constantin Mierla
miconda at gmail.com
Thu Jan 8 14:38:43 CET 2009
Hello,
On 01/04/2009 04:22 PM, Aymeric Moizard wrote:
> [...]
> Let's describe a case:
>
> I send an INVITE and encrypt the SDP. I'm behind a symmetric NAT. I'm
> calling somebody (a UA of course) who is able to decrypt it.
>
> Whatever trick you provide, I will not have always voice (except
> if ICE is supported or if the NAT are kind with me)
>
> Conclusion: I'm forced to provide UA and ask my customer to NOT encrypt
> their signalling. NEVER encrypt their signalling.
>
do you mean end-to-end encryption just for SDP? Going over NAT using TLS
is just fine.
Still you can encrypt parts of the SDP, just the signaling coordinates
for RTP need to be clear. Some of those details are part of other SIP
headers, the content of media stream can be SRTPed.
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://www.asipto.com
More information about the Users
mailing list