[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Linphone-developers] ZRTP and TLS
From: |
Greg Troxel |
Subject: |
Re: [Linphone-developers] ZRTP and TLS |
Date: |
Tue, 14 Jan 2020 19:53:19 -0500 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (berkeley-unix) |
Werner Dittmann <address@hidden> writes:
> Actually, if you use ZRTP then there is no need to use TLS for SIP because
> ZRTP negotiates
> it's keys inband end-to-end using RTP over UDP. This is the main difference
> to SDES where the
> key parameters are embedded within SIP headers and thus you must run SIP over
> TLS.
I see the point that TLS is not needed for ZRTP to protect the contents.
But it's still necessary to protect the signalling channel, so that
passive eavesdroppers cannot steal the SIP login credentials.
I don't understand the notion of not using TLS, assuming it is feasible.