Versions Compared

Version Old Version 3 New Version 4
Changes made by

John Shaheen

John Shaheen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page Properties
Target release6.8.0
Epic

Jira Legacy
serverDialogic JIRA
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId8f70d0a4-20da-363f-81e2-5b2706a93a6a
keyBRKT-563

Feature Request

Jira Legacy
serverDialogic JIRA
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId8f70d0a4-20da-363f-81e2-5b2706a93a6a
keyBRKT-41

Document status
Status
titleDRAFT
Document owner

John Shaheen

Goals

    • The purpose of this feature is to provide media encryption for traditional SIP and VoIP environments
    • Enable SRTP through standard SDP parameters, with and without need for SIP TLS

...

SDES is a method to pass encryption keys through standard SDP.  Customers are looking to be able to encrypt media on SIP and standard VoIP networks. This feature will support securiting the fax media stream when using G.711 mode.  It  This feature does not cover secure securing T.38 media and secure or securing call-control (SIP over TLS).

...

This feature covers the addition of SDES for key exchange for establishment of SRTP on PowerMedia XMSthe SR140.  Data security protocols such as SRTP rely upon a separate key management system to securely establish encryption and/or authentication keys.  The key exchange mechanism commonly used in VoIP sessions is called SDES (Security Descriptions for Media Streams).  Using SDES the SRTP keys are negotiated in the SDP of the offer/answer model of a SIP exchange, using an SDP attribute called “crypto” which provides the cryptographic parameters of the requested media stream and other parameters that can be used to configure the SRTP media stream. 

The use of SDES to exchange the keys is not a secure method, since the crypto key is transferred in the SDP as plain text string.  The SDP “crypto” security description is normally used where IPsec, TLS, or some other encapsulating data-security protocol protects the SDP message.  SIP layer security between SIP Client and SIP Server, such as SIP TLS will be required by some customers to use SDES.  However, this document focuses only on the SDES key exchange to establish the Secure RTP session. 

...

    • Forward Error Correction (FEC) is not required.
    • On SDES offer, the SR140 will support only one crypto attribute per media type.  If more than 1 crypto attribute is offered, we need to define the SR140 needs to be ready to figure out which crypto attribute was acceptedbehavior.
    • SIP security preconditions (sprecon) will not be supported

...