Versions Compared

Old Version 6

changes.mady.by.user John Shaheen

Saved on

compared with

New Version 7

changes.mady.by.user John Shaheen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page Properties
Target release6.8.0
Epic
Jira Legacy
serverDialogic JIRA
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId8f70d0a4-20da-363f-81e2-5b2706a93a6a
keyBRKT-430
Feature Request
Jira Legacy
serverDialogic JIRA
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId8f70d0a4-20da-363f-81e2-5b2706a93a6a
keyBRKT-236
Document status
Status
titleDRAFT
Document owner

John Shaheen

Goals

  • Implement support for SIP over TLS on the SR140
  • Method to secure the SIP signaling exchange, to protect headers, addresses and SDP
  • Method to protect SDES SRTP key exchange which occurs in the crypto attr of the SDP (without SIP TLS, SDES is unsecure)

...

http://www.dialogic.com/webhelp/BorderNet2020/2.2.0/WebHelp/default.htm

 

 

 

Requirements

#TitleImportanceNotes
1SHALL support SIP with TLS (RFC5246) and use cases shall follow SIP TLS examples shown in RFC6216 (SIP Secure Call Flows)
2SHALL support SIP TLS with SSLv3 and TLSv1 security  
3SHALL support standard cipher suites, such as: TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5		  
4

SHALL allow SIP TLS to establish RTP media with G.711 or to establish T.38

SIP TLS SHALL be independent of media.  It SHALL not be required to use SIP TLS to establish a secure media channel. 

  
 Config Tool Requirements  
5SHALL allow a configurable port for SIP TLS(through the Config Tool); the default port SHALL be 5061  
6SHALL provide certificate management capability. Customers will require a method to create, store and select certificates, as well as to export certificate to use on the remote endpoint.  This capability SHALL be built into (Config Tool?).  
    
7SIP TLS implementation SHALL be tested against a variety of endpoints and network equipment for accurate implementation. BN2020 gateway, Cisco Gateway, SIP registrar (such as OpenSIPS)
8SIP over TLS supported on by a single license keywork (TBD). This keyword enables TLS functionality on a per system basis.  
 Documentation Requirements TBD  
 COO Will need to be updated with changes to include OpenSSL into the product  
 Part numbers will need to be defined for SR140 with Security.
Add on part will need to be defined to add security to an existing SR140 deployment. 		  
    

User interaction and design

...

Below is a list of questions to be addressed as a result of this requirements document:

QuestionOutcome

Not Doing