[VOIPSEC] What methods of encrypting SIP signaling are out there *other than* TLS encryption?

Raul Siles raul.siles at gmail.com
Thu Aug 16 20:24:41 CDT 2007 

Hi Dan,
Your post arrives just in time for a VoIP security research I'm
currently performing. I have the same feeling/corroboration as you:
- It seems S/MIME is rarely used due to its PKI requirements and the
complexity of managing all the certificates.
- AFAIK, IPSec is being actively used by some vendors nowadays for
both, signaling and media.
- SIP over TLS is the most widely used option. However, I think it is
important to differentiate between the "old" Secure SIP (TCP-based SIP
over TLS), and the "new" DTLS, Datagram TLS, for UDP-based SIP
communications. It would be interesting to know the adoption of both
separately.

Given the amount of VoIP vendors and companies in this list, I would
also love to hear what others have to say about common usage for SIP
encryption nowadays.

Just to complement the info about this thread, is there any resource
listing the signaling proprietary encryption schemes?
--
Raul Siles
GSE
www.raulsiles.com

On 8/17/07, dan_york at mitel.com <dan_york at mitel.com> wrote:
> VOIPSEC readers,
>
> Question for the list... someone recently asked me if there were methods
> of encrypting SIP *other than* TLS-encryption (SIPS) in common usage?
>
> I pondered that for a bit but I couldn't honestly think of any other
> implementations that I have heard about recently (in the open standard
> world - there are of course always proprietary encryption schemes).  I
> recall some people doing some work with S/MIME-encrypted SIP, but I don't
> remember that going anywhere (am I wrong?).  All the vendors, SBCs,
> firewalls, etc. that I could think of use TLS-encrypted SIP as the method
> of securing SIP signaling.  (Well, okay, I do remember hearing of someone
> nailing up an IPSec VPN between the set and the IP-PBX and routing all SIP
> and voice over the IPSec VPN, but for me IPSec seems a wee bit too
> heavyweight.)
>
> Are there other SIP encryption mechanisms out there that I'm forgetting?
>
> Note that I am talking about *SIP* signaling encryption and NOT about SRTP
> encryption.  I'm well aware of all of the various SRTP encryption
> mechanisms.
>
> Thanks,
> Dan
>
> --
> Dan York, CISSP
> Dir of IP Technology, Office of the CTO
> Mitel       http://www.mitel.com
> dan_york at mitel.com +1-613-592-2122
> PGP key (F7E3C3B4) available for
> secure communication
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>

More information about the Voipsec mailing list