By Date:	<-- -->
By Thread:	<-- -->

ipsec vs. tls/srtp ?

From: Irwin Lazar <ilazar (at) burtongroup.com>
Date: Wed, 22 Feb 2006 16:30:39 -0500

Dan and others,
Can you separate out the signaling encryption from the media encryption?
That is, can one typically use SRTP for encrypting the actual voice stream
without encrypting the signaling stream?

The reason I ask this is my assumption is that if the signaling stream is
encrypted, VoIP-aware firewalls are no longer viable since the FW can't see
inside the signaling session to know which ports to open for the media
session.

Thoughts?

Irwin

-- 
Irwin Lazar, CISSP
Senior Analyst, Burton Group
ilazar (at) burtongroup.com
Phone: 703-742-9659
AIM/Gizmo/Google/MSN/Skype/Yahoo: imlazar
SightSpeed: ilazar (at) burtongroup.com



> From: <dan_york (at) Mitel.com>
> Date: Wed, 22 Feb 2006 14:01:53 -0500
> To: Jin Wang <jin_x_wang (at) yahoo.com>
> Cc: <Voipsec (at) voipsa.org>
> Subject: Re: [VOIPSEC] ipsec vs. tls/srtp ?
> 
> Jin,
> 
>> The recent list discussion about voip & vpns brings up another
>> question: How do the list members feel about using tls & srtp as a
>> secure alternative to running sip voip over ipsec vpns ?    There
>> would seem to be some advantages to using tls & srtp but I  would like
> some other opinions.
> 
> Are you asking about the approach of separately encrypting the SIP call
> control 
> using TLS and then encrypting the voice using SRTP?  (Versus not
> encrypting both 
> but just tunnelling all the unencrypted traffic over an encrypted VPN
> tunnel?)
> 
> If so, yes, we see that as a secure alternative to VPN tunnelling.  This
> is
> how we secure all of our (Mitel) sets.
> 
> Regards,
> Dan
> 
> -- 
> Dan York, CISSP
> Dir of IP Technology, Office of the CTO
> Mitel Corp.     http://www.mitel.com
> dan_york (at) mitel.com +1-613-592-2122
> PGP key (F7E3C3B4) available for
> secure communication
> _______________________________________________
> Voipsec mailing list
> Voipsec (at) voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org


_______________________________________________
Voipsec mailing list
Voipsec (at) voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

Follow-Ups:
- ipsec vs. tls/srtp ?
  - From: "Dan Wing" <dwing (at) cisco.com>

References:
- ipsec vs. tls/srtp ?
  - From: dan_york (at) Mitel.com

Prev by Date: SRTP
Next by Date: SRTP
Previous by thread: ipsec vs. tls/srtp ?
Next by thread: ipsec vs. tls/srtp ?
Index(es):
- Main
- Thread