how to Improve security in minisip?

Cesc cesc.santa at gmail.com
Thu May 17 13:01:08 CEST 2007


Hi Werner,

Great info.
Actually, I only follow the rtpsec group lightly, so I missed your last remarks.

As to what is good for minisip ... well, it gets a bit difficult, because having
MIKEY ... and ZRTP already implemented ... adding DTLS just adds to
the complexity.
But I think that this is one of the reasons for minisip, to experiment
and give options.

Regards,

Cesc
PS - I think the link to the DTLS-attacks document is missing :)

On 5/17/07, Werner Dittmann <Werner.Dittmann at t-online.de> wrote:
> Hi Cesc, all,
>
> regarding DTLS/SRTP I was actively involved in the rtpsec discussions.
>
> The statement "ZRTP violates layer separation" is no longer true
> with the latest specification of ZRTP - it is not a protocol on its
> own and that uses the same RTP connection (multiplexing) similar to
> DTLS which is also using the same RTP connection.
>
> Here is a link to a PDF doc that shows some attacks on DTLS/SRTP (this
> is a document under construction, some chapters are missing). The
> attack I describe in the document was confirmed by some peer
> reviews.
>
> Just a few days ago I finished the implementation of ZRTP Version 3
> and I'm looking into the build process of minisip (again) to have
> a better separation, i.e. have the ZRTP library independent of minisip
> and provide only the minisip dependent glue code inside the minisip
> project. Of course the ZRTP lib is GPL :-) and will be available.
>
> Regards,
> Werner
>
>
> Cesc wrote:
> > On the ietf rtpsec group, there is quite some chatter about
> > multiplexing DTLS and RTP on the same transport addresses in order to
> > negotiate keying for SRTP ... they are pushing this instead of ZRTP,
> > which violates layer separation ...
> > Anyway, take a good look at IETF's rtpsec work group's work ... it is
> > interesting.
> >
> > Cesc
> >
> > On 5/14/07, Mikael Magnusson <mikma264 at gmail.com> wrote:
> >> Nuno Carvalho wrote:
> >>> Hi,
> >>>
> >>>
> >>>
> >>> I'm interested in developing new security features in minisip for my master
> >>> thesis but I need some ideas of what to do or what to find.
> >>>
> >>> I have already installed an openser and use a secure connection with minisip.
> >>>
> >>> Please, I need some help to start.
> >>>
> >>>
> >>>
> >>> Best regards,
> >>>
> >>> Nuno Carvalho
> >>>
> >> 1) sdescriptions RFC 4568. Doesn't really improve security, but
> >> interoperability. Sdescriptions is similar to MIKEY NULL, and needs
> >> S/MIME for end-to-end security. But most implementations only support
> >> TLS, i.e. hop-by-hop security and possibility for proxies to eavesdrop on
> >> the conversations.
> >>
> >> 2) Extend ZRTP support to latest draft. It's probably a matter of
> >> updating to current ZRTP implementation from GNU ccRTP.
> >>
> >> ZRTP is under evaluation by RTPSEC working group:
> >>
> >> http://www.ietf.org/internet-drafts/draft-wing-rtpsec-keying-eval-02.txt
> >> http://www3.ietf.org/proceedings/07mar/minutes/rtpsec.txt
> >>
> >>
> >> Mikael
> >> _______________________________________________
> >> Minisip-devel mailing list
> >> Minisip-devel at minisip.org
> >> http://lists.minisip.org/mailman/listinfo/minisip-devel
> >>
>
>
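
An added illustration of point 1 in Mikael's quoted message (not code from this thread or from minisip): with sdescriptions (RFC 4568) the SRTP master key and salt travel base64-encoded in the SDP `a=crypto` attribute, so whoever can read the SIP body can read the key. The SDP below, the key bytes and the function names are constructed for this example.

```python
import base64
import re

# Master key and master salt lengths in bytes per crypto-suite (RFC 4568).
SUITE_KEY_SALT = {
    "AES_CM_128_HMAC_SHA1_80": (16, 14),
    "AES_CM_128_HMAC_SHA1_32": (16, 14),
    "F8_128_HMAC_SHA1_80": (16, 14),
}
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+(\S+)")

# Constructed sample: the key bytes are 0x00..0x1d, not a real key.
SAMPLE_KEY = base64.b64encode(bytes(range(30))).decode()
SAMPLE_SDP = "\r\n".join([
    "v=0", "o=alice 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
    "t=0 0", "m=audio 49170 RTP/SAVP 0",
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{SAMPLE_KEY}|2^20|1:4",
])

def inline_keys(sdp):
    """Return one dict per inline key found in the a=crypto lines of an SDP body."""
    found = []
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if not m:
            continue
        tag, suite, key_params = m.groups()
        for param in key_params.split(";"):      # several keys may be listed
            method, _, info = param.partition(":")
            if method != "inline":
                continue
            b64 = info.split("|")[0]             # drop optional lifetime and MKI
            try:
                raw = base64.b64decode(b64, validate=True)
            except ValueError:
                raw = b""
            sizes = SUITE_KEY_SALT.get(suite)
            ok = sizes is not None and len(raw) == sum(sizes)
            found.append({"tag": int(tag), "suite": suite, "well_formed": ok,
                          "master_key": raw[:sizes[0]] if ok else None,
                          "master_salt": raw[sizes[0]:] if ok else None})
    return found

def signalling_exposure(sdp, end_to_end_body_protection):
    """Say who can read the SRTP keys carried in this SDP body."""
    if not any(k["well_formed"] for k in inline_keys(sdp)):
        return "no usable inline SRTP keys in SDP"
    if end_to_end_body_protection:               # e.g. S/MIME-protected body
        return "keys readable by the endpoints only"
    return "keys readable by every proxy that terminates a TLS hop"
```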

