End-To-End Secured Communications

Home » Asterisk Users » End-To-End Secured Communications
Asterisk Users 1 Comment

Hi,

I’m analyzing how to make Asterisk communications secured End-To-End,
and not sure which is the best approach, SRTP + TLS seems to be secured
but.. at least by default, doesn’t appear to be End-To-End allowing
Asterisk administrators to wiretap communications.. some sites I’ve hear
that with SRTP is also possible End Points exchange keys between them
directly avoiding Man in the Middle, is it possible with asterisk ? how

On the other hand I’ve found ZRTP seems to be secured end-to-end, but we
couldn’t find any IP phones with support for it.. just SoftPhones

Could someone please point me to the right direction ?

Thanks,
Fernando

One thought on - End-To-End Secured Communications

  • This is a fundamental architectural issue with all back-to-back User
    Agents used in SIP networks. They are pretty much by definition a ‘man
    in the middle’. If they are used, the administrators will have access to
    call signaling and media for all calls passing through them.

    It is also important to realize that if you want end-to-end media
    security, then you would not be able to use any of Asterisk’s features
    that involve media handling (transcoding, recording, whispering/spying,
    music-on-hold, conferencing, etc.) Given that, what you really want is a
    pure SIP proxy like Kamailio or OpenSIPs.