[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] ZRTP and TLS

From: Alexander Kraemer
Subject: Re: [Linphone-developers] ZRTP and TLS
Date: Thu, 16 Jan 2020 08:22:40 -0800 (PST)

It is better to use  hardened endpoints and servers implementing:
1) (application layer security with )
 TLS1.3 to initiate a client-(flexi-sip)-server authorization preferably with 
your own CA (Certificate Authority) and client cert's ,

2)( e2e encryption with)
zrtp to establish end2end encryption between clients,

3) ( network layer security )
to tunnel the client server client traffic through secure-core.

----- Original Message -----
From: Greg Troxel <address@hidden>
Sent: 01/14/2020 - 16:53
To: Werner Dittmann <address@hidden>
Subject: Re: [Linphone-developers] ZRTP and TLS

> Werner Dittmann <address@hidden> writes:
>> Actually, if you use ZRTP then there is no need to use TLS for SIP because 
>> ZRTP negotiates
>> it's keys inband end-to-end using RTP over UDP. This is the main difference 
>> to SDES where the
>> key parameters are embedded within SIP headers and thus you must run SIP 
>> over TLS.
> I see the point that TLS is not needed for ZRTP to protect the contents.
> But it's still necessary to protect the signalling channel, so that
> passive eavesdroppers cannot steal the SIP login credentials.
> I don't understand the notion of not using TLS, assuming it is feasible.
> _______________________________________________
> Linphone-developers mailing list
> address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]