[VOIPSEC] What methods of encrypting SIP signaling are out there *other than* TLS encryption?

Michael Billerbeck michael.billerbeck at gmx.de
Fri Aug 17 01:51:30 CDT 2007 

Hi Dan,

as far as I remember from RFC 3261 there is

- SIP Digest Authentication
- SIP over TCP over SSL/TLS
- SIP using IPsec
- SIP using S/MIME, two methods are described:
	- encryption of the SIP body (SDP parameters)
	- tunneling of the whole SIP message using S/MIME tunneling
	  This is for privacy and integrity of SIP header and it has some
overhead
	  because the header is copied
- S/MIME AES rquirements for the SIP

But I don't know if the latter two are used in products.

Regards,
Michael


> -----Original Message-----
> From: voipsec-bounces at voipsa.org 
> [mailto:voipsec-bounces at voipsa.org] On Behalf Of dan_york at Mitel.com
> Sent: Friday, August 17, 2007 3:08 AM
> To: voipsec at voipsa.org
> Subject: [VOIPSEC] What methods of encrypting SIP signaling 
> are out there *other than* TLS encryption?
> 
> VOIPSEC readers,
> 
> Question for the list... someone recently asked me if there 
> were methods of encrypting SIP *other than* TLS-encryption 
> (SIPS) in common usage? 
> 
> I pondered that for a bit but I couldn't honestly think of 
> any other implementations that I have heard about recently 
> (in the open standard world - there are of course always 
> proprietary encryption schemes).  I recall some people doing 
> some work with S/MIME-encrypted SIP, but I don't remember 
> that going anywhere (am I wrong?).  All the vendors, SBCs, 
> firewalls, etc. that I could think of use TLS-encrypted SIP 
> as the method of securing SIP signaling.  (Well, okay, I do 
> remember hearing of someone nailing up an IPSec VPN between 
> the set and the IP-PBX and routing all SIP and voice over the 
> IPSec VPN, but for me IPSec seems a wee bit too
> heavyweight.)
> 
> Are there other SIP encryption mechanisms out there that I'm 
> forgetting?
> 
> Note that I am talking about *SIP* signaling encryption and 
> NOT about SRTP encryption.  I'm well aware of all of the 
> various SRTP encryption mechanisms.
> 
> Thanks,
> Dan
> 
> --
> Dan York, CISSP
> Dir of IP Technology, Office of the CTO
> Mitel       http://www.mitel.com
> dan_york at mitel.com +1-613-592-2122
> PGP key (F7E3C3B4) available for
> secure communication
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list