Discussion:
[Sip-implementors] TLS in IPv6
Jing Jiang
2014-07-15 14:25:59 UTC
Permalink
IPv6 includes IPSEC feature which provides transport layer security. In SIP implementation in IPv4, we need to implement TLS for TCP and DTLS for UDP to provide communication security. We also need to implement SRTP to protect media. For SIP or RTP in IPv6, should we just rely on IPSEC provided IPv6? I still see IPv6 implementation with TLS and SRTP support.

Thanks,
Jing


-----------------------------------------------------------------------------------
BIAMP SYSTEMS EMAIL NOTICE
The information contained in this email and any attachments is confidential and
may be subject to copyright or other intellectual property protection. If you
are not the intended recipient, you are not authorized to use or disclose this
information, and we request that you notify us by reply mail or telephone and
delete the original message from your mail system.
-----------------------------------------------------------------------------------
Vadivel Subramaniam
2014-07-15 18:29:49 UTC
Permalink
Hi Jing,

IPSec requires Security Associations(SA) to be created between
hosts/devices/peers. This association is the tunnel protected by IPSec
where all the data is encrypted. IPSec is most commonly used between hosts
like proxy servers, gateways or between call server and media server etc.

IMO, TLS and SRTP are still the preferred protocols for SIP endpoints (even
in the IPv6 world).

Thanks
Vadivel
Post by Jing Jiang
IPv6 includes IPSEC feature which provides transport layer security. In
SIP implementation in IPv4, we need to implement TLS for TCP and DTLS for
UDP to provide communication security. We also need to implement SRTP to
protect media. For SIP or RTP in IPv6, should we just rely on IPSEC
provided IPv6? I still see IPv6 implementation with TLS and SRTP support.
Thanks,
Jing
-----------------------------------------------------------------------------------
BIAMP SYSTEMS EMAIL NOTICE
The information contained in this email and any attachments is
confidential and
may be subject to copyright or other intellectual property protection. If you
are not the intended recipient, you are not authorized to use or disclose this
information, and we request that you notify us by reply mail or telephone and
delete the original message from your mail system.
-----------------------------------------------------------------------------------
_______________________________________________
Sip-implementors mailing list
Sip-implementors at lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
Jing Jiang
2014-07-14 21:34:44 UTC
Permalink
IPv6 includes IPSEC feature which provides transport layer security. In SIP implementation in IPv4, we need to implement TLS for TCP and DTLS for UDP to provide communication security. We also need to implent SRTP to protect media. For SIP or RTP in IPv6, should we just rely on IPSEC provided IPv6?

Thanks,
Jing


-----------------------------------------------------------------------------------
BIAMP SYSTEMS EMAIL NOTICE
The information contained in this email and any attachments is confidential and
may be subject to copyright or other intellectual property protection. If you
are not the intended recipient, you are not authorized to use or disclose this
information, and we request that you notify us by reply mail or telephone and
delete the original message from your mail system.
-----------------------------------------------------------------------------------
James Cloos
2014-07-15 20:54:09 UTC
Permalink
JJ> IPv6 includes IPSEC feature ... For SIP or RTP in IPv6, should we
JJ> just rely on IPSEC provided IPv6?

Even though the ipv6 rfc specified ipsec as a required feature, you'll
find that in practice it is relatively rare.

General sip/rtp interaction, even over ipv6, still requires tls and/or
dtls for sip and srtp and/or dtls for rtp. And tls for webrtc, if you
want to support webrtc.

-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
Loading...