Re: [Opalvoip-devel] H.235.8 - SRTP over H.323
Brought to you by:
csoutheren,
rjongbloed
From: Simon H. <s....@pa...> - 2013-07-11 00:06:48
|
Robert Yes that is correct. While H.235.8 is defined there is NO SRTP deployed in H.323. H.235.6 is "native" and stenographic meaning it uses standard RTP and only encrypts the payload and pads/truncates the encrypted payload (multiple of key length) so it appears to wireshark etc as being just plain regular RTP. You will need to committed to adding encryption in H.323 as implementing H.235.6 is absolutely no simple undertaking and there is no possible interworking function with SIP other than proxy decrypt and re-encrypt. For instance we implemented in GnuGk the H.323 side H.235.6 encrypt/decrypt function so it could sit in front of the H.323/SIP border controller. Simon From: Robert Jongbloed [mailto:ro...@vo...] Sent: 11 July 2013 09:04 To: Opa...@li... Subject: Re: [Opalvoip-devel] H.235.8 - SRTP over H.323 So, you are saying the H.323 does not use SRTP at all? Robert Jongbloed OPAL/OpenH323/PTLib Architect and Co-founder. Commercial support at http://www.voxlucida.com.au On 10/07/2013 9:29 PM, Simon Horne wrote: Robert Nope. The universally agreed method in H.323 is H.235.6 (with AES128,256) and this is what is deployed. While it was agreed, as I understand, at the time that SRTP/H.235.8 for better interwork with SIP was going to be the "way" of the future it just never happened. BTW: We agreed at the last ITU meeting to revise H.235.6 to add 8k and 16k DH key length and more importantly to remove the restrictive word "voice" out of the title to indicate it is currently being deployed for both audio and video. Simon From: Robert Jongbloed [mailto:ro...@vo...] Sent: 10 July 2013 18:44 To: Opa...@li... Subject: [Opalvoip-devel] H.235.8 - SRTP over H.323 Does anyone know of an endpoint that does SRTP over H.323, aka H.235.8? -- Robert Jongbloed OPAL/OpenH323/PTLib Architect and Co-founder. Commercial support at http://www.voxlucida.com.au |