[guardian-dev] Blog post: VoIP Security Architecture

Aaron Lux a at AaronLux.com
Fri Nov 29 18:08:21 EST 2013



Hi
To see what IP addresses are seen by federated node you can fill out my
SIP Registration form at www.solisradii.com to make calls to ostel.co.
-Aaron


> Hello Michael,
>
> Could you describe in more detail the threat model in question?
> Consider that much of the metadata required to establish a SRTP
> stream is contained in the payload of the encrypted SIP packets and
> the RTP stream. Also consider that the backend to support most
> VoIP implementations proxies encrypted traffic and since federated
> calls between domains works by default with a properly implemented
> SIP/RTP proxy the full network path can be arbitrarily complex.
>
> One detail I left out in the 500 word article is that a call's
> endpoints use the SDP protocol to negotiate the media stream
> metadata. This includes endpoint IP addresses, codecs, etc. This
> information is encrypted within the SIP dialog.
>
> Regards, Lee



More information about the Guardian-dev mailing list