[VOIPSEC] RTP or SRTP inside UDP - how understand?

Lee Dilkie lee_dilkie at mitel.com
Mon Mar 27 15:11:00 CST 2006


Simon Horne wrote:
> The only way I know of is to detect the key exchange in the signalling and 
> disable the RTP transcoding.
>   
Agreed, but the signaling mightn't pass through you.
> You can tell (and it is not definitive) if the payload is encrypted by 
> examining the payload length and seeing if it is not exactly the same as 
> what would be expected for that particular codec. Usually the output 
> length from the cipher (due to the cipher key length) does not match 
> exactly the normal unencrypted payload size. It may only be a couple of 
> bytes but it is detectable. However to the intermediary devices (proxies, 
> gateways etc) it is handled exactly the same as if it was RTP so legacy 
> devices should be able to handle it (except if transcoding of course). SRTP 
> on the other hand may require intermediary devices to handle it and the 
> packets carry a flag saying "I'm encrypted" which makes it much easier to 
> detect.
>   
Unfortunately, SRTP doesn't add any such flag to the RTP header, wish it 
did... If you are doing codec transcoding, then you'll still see the 
"correct" codecs in the RTP payload type field for encrypted traffic as 
well. And if no authentication or MKI header is added to the packet by 
SRTP (they are optional) then the packet will also be exactly the same 
length for encrypted and non-encrypted traffic, so there is no way to 
tell from the expected length.
> Simon
>
> At 03:31 AM 28/03/2006, Sergey Vointsev wrote:
>   
>>> The more pressing question would be: if you're receiving an SRTP stream,
>>> why don't you know about it?
>>>       
>> Of course I know.
>> But I heard somewhere, that if some gateway in the net receives
>> something, that it considers to be RTP packet with some known codec
>> used, it can transcode it to some other codec. Am I misinformed? (yes,
>> I'm novice to VoIP :)
>> So actually I want to know how can we tell such devices "payload is
>> encrypted, don't touch it!".

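The length comparison debated in this thread, as an added example that is not part of the original messages: it parses the RTP header and compares the payload size with what the codec in the payload type field would produce. The function names, the 20 ms packetization and the sample packets are assumptions constructed for illustration.

```python
import struct

# Payload bytes per packet for static payload types (RFC 3551), assuming
# 20 ms packetization (an assumption; the real value comes from signalling).
EXPECTED = {0: 160, 8: 160, 18: 20}  # PCMU, PCMA, G.729

def parse_rtp(packet):
    """Return (payload_type, payload_length) for a raw RTP or SRTP packet."""
    if len(packet) < 12 or packet[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    offset = 12 + 4 * (packet[0] & 0x0F)      # fixed header plus CSRC list
    if packet[0] & 0x10:                      # header extension present
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        offset += 4 + 4 * struct.unpack_from("!H", packet, offset + 2)[0]
    if offset > len(packet):
        raise ValueError("header runs past end of packet")
    return packet[1] & 0x7F, len(packet) - offset

def length_surplus(packet):
    """Bytes beyond the codec's expected payload, or None for unknown types."""
    pt, size = parse_rtp(packet)
    return None if pt not in EXPECTED else size - EXPECTED[pt]

def verdict(packet):
    surplus = length_surplus(packet)
    if surplus is None:
        return "unknown payload type"
    if surplus == 0:
        return "length matches codec: plain RTP or untagged SRTP"
    return "length differs by %d bytes: possible SRTP tag/MKI" % surplus

def build(pt, seq, payload):
    """Constructed sample packet: V=2, no padding/extension/CSRC."""
    return struct.pack("!BBHII", 0x80, pt, seq, 160 * seq, 0x1234ABCD) + payload

# Constructed samples. The "ciphertext" is a stand-in byte pattern, not real
# AES output; SRTP's default counter-mode cipher keeps the payload length.
voice = b"\xff" * 160                                   # PCMU silence
cipher = bytes((i * 73 + 41) % 256 for i in range(160))
PLAIN = build(0, 1, voice)
SRTP_NO_TAG = build(0, 1, cipher)                       # no auth tag, no MKI
SRTP_TAGGED = build(0, 1, cipher + b"\xaa" * 10)        # 80-bit auth tag

if __name__ == "__main__":
    for name, pkt in [("plain", PLAIN), ("srtp, no tag", SRTP_NO_TAG),
                      ("srtp, 10-byte tag", SRTP_TAGGED)]:
        print(name, "->", verdict(pkt))
```

The first two samples produce the same verdict, which is why a length check alone cannot tell an intermediary to leave the payload untouched.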


