I forgot something, with Kamailio default configuration media goes always directly between clients. Moreover, if you want to be sure that any endpoint is who it says to be you should use client side autentication for SIP protocol. TLS module documentation clears how to do it.
http://kamailio.org/docs/modules/devel/modules/tls.html 2012/11/27 Jesús Pérez Rubio <jesus.pe...@quobis.com> > Hi, If you are using SRTP your conversations will be encrypted, so nobody > could eavesdrop it. Only if your Kamailio was compromised they could be > eavesdropped. > > I think you are confusing SRTP (media) with signaling (SIP). You should > implement SIP over TLS too, it makes no sense to use SRTP without encrypt > signaling. If not, it could be possible to sniff conversations with a MiTM > but, anyway, I don't know any tool which supports it. > > Here I speak a bit about VoIP encryption, I think it could help you: > > http://nicerosniunos.blogspot.com.es/2011/08/voip-eavesdropping-counter-measurements.html > > Best regards. > > > > 2012/11/27 Mino Haluz <mino.ha...@gmail.com> > >> Hi, >> >> maybe it is not that kamailio related question, but I dont know any other >> place with such good voip professionals ;) I have kamailio and mediaproxy. >> Clients are BudgetTone 200 (Grandstream) and CSipSimple. I am forcing >> clients to use SRTP but it does not support adding any certificate on both >> sides. SRTP call is working fine. >> >> The question is, in this case, is man-in-the-middle attack possible? >> Maybe I should study SRTP more, but basically, if there are no >> certificates, there is no method how to be 100% sure that the media goes >> directly between clients. Is it true? >> >> Thanks for response, >> Mino >> >> _______________________________________________ >> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >> sr-users@lists.sip-router.org >> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >> >> > > > -- > Jesús Pérez > VoIP Engineer at Quobis > > Fixed: +34 902 999 465 > Site: http://www.quobis.com > > -- Jesús Pérez VoIP Engineer at Quobis Fixed: +34 902 999 465 Site: http://www.quobis.com
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
