Howto:SIPS will work with V7: Difference between revisions
Line 21: | Line 21: | ||
===Key exchange=== | ===Key exchange=== | ||
In an SDP message we will send | In an SDP message we will send an attribute like this | ||
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:fcUai9fK58dEKsmEQp4b5nylUROLpze0jLVyaE5i | a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:fcUai9fK58dEKsmEQp4b5nylUROLpze0jLVyaE5i | ||
This menas that SRTP will be used | This menas that SRTP will be used with AES-128 using a 32 Bit hash and the key fcUai9fK58dEKsmEQp4b5nylUROLpze0jLVyaE5i. | ||
The whole SDP message will be sent encryped via TLS | The whole SDP message will be sent encryped via TLS to protect the key. | ||
===SRTP=== | ===SRTP=== |
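Review bot: the extended sentences on the "This menas that SRTP will be used" and "The whole SDP message will be sent encryped" lines keep the typos "menas" (means) and "encryped" (encrypted); fix both while these lines are being touched. The added phrase "and the key fcUai9fK58..." also labels the whole inline value as the key, whereas in an SDP crypto attribute the inline value is the base64 encoding of the master key and master salt concatenated, so "key material" would be more accurate.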
Revision as of 12:00, 14 November 2007
Applies To
This information applies to
- all innovaphone devices with V7
More Information
This information is for a future release and describes, in basic terms, how we will implement secure SIP.
This information is not yet confirmed; it is a basic overview of how we will implement SIPS.
Secure SIP is a security mechanism defined by SIP RFC 3261 for sending SIP messages over a Transport Layer Security-encrypted channel.
Originally used for securing HTTP sessions, TLS can be repurposed to protect SIP session communications from eavesdropping or tampering.
Key exchange
In an SDP message we will send an attribute like this:
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:fcUai9fK58dEKsmEQp4b5nylUROLpze0jLVyaE5i
This means that SRTP will be used with AES-128, using a 32-bit hash and the key fcUai9fK58dEKsmEQp4b5nylUROLpze0jLVyaE5i.
The whole SDP message will be sent encrypted via TLS to protect the key.
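As an added illustration (not innovaphone code), the following Python example parses the crypto attribute above as an RFC 4568 security description, splits the decoded inline value into its 16-byte master key and 14-byte master salt, and flags an SDP body whose key arrived over a transport other than TLS. The function names, the transport argument and the sample SDP around the attribute are assumptions made for the example, and only the two AES-128 suites are covered.

```python
import base64
import re

# Master key / salt lengths in bytes for the two AES-128 suites of RFC 4568.
SUITES = {
    "AES_CM_128_HMAC_SHA1_32": {"key": 16, "salt": 14, "tag_bits": 32},
    "AES_CM_128_HMAC_SHA1_80": {"key": 16, "salt": 14, "tag_bits": 80},
}
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)")

# Constructed sample SDP body; only the a=crypto line is taken from the page.
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 5004 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_32 "
    "inline:fcUai9fK58dEKsmEQp4b5nylUROLpze0jLVyaE5i",
])

def parse_crypto(line):
    """Split one a=crypto attribute into tag, suite, master key and salt."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        raise ValueError("no inline key found")
    tag, suite, b64 = m.groups()
    if suite not in SUITES:
        raise ValueError("unsupported crypto suite " + suite)
    spec = SUITES[suite]
    raw = base64.b64decode(b64, validate=True)  # bad base64 raises ValueError
    if len(raw) != spec["key"] + spec["salt"]:
        raise ValueError("key material has wrong length for " + suite)
    return {"tag": int(tag), "suite": suite, "auth_tag_bits": spec["tag_bits"],
            "master_key": raw[:spec["key"]], "master_salt": raw[spec["key"]:]}

def audit_sdp(sdp, transport):
    """Findings for an SDP body that arrived over the given SIP transport."""
    findings = []
    for line in sdp.splitlines():
        if not line.startswith("a=crypto:"):
            continue
        try:
            parse_crypto(line)
        except ValueError as exc:
            findings.append("malformed crypto attribute: %s" % exc)
            continue
        if transport.upper() != "TLS":
            findings.append("SRTP key exposed on non-TLS transport " + transport.upper())
    return findings
```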
SRTP
innovaphone will support
- AES 128
- AES 192
- AES 256
all with a 32- or 80-bit hash
SIPS
SIPS means SIP via TLS; we will implement SIP via TCP and TLS.
TLS
innovaphone will support
- RSA with 3DES
- RSA with 128
- RSA with 256
Certificate
Still in development; the definitive solution is not yet fixed.
The certificate gives the public key an identity.
We will use X.509 certificates.
It will be possible to use your own certificate.