secure phone (was Re: Starium...)

Enzo Michelangeli em at
Wed Jun 6 23:34:11 EDT 2001

----- Original Message -----
From: "William Allen Simpson" <wsimpson at>
To: <cryptography at>
Sent: Wednesday, June 06, 2001 12:59 PM
Subject: secure phone (was Re: Starium...)

> Now, the question is where to put the encryption.  PPP has it.  IP has
> it.  But, I expect that VoIP/RTP would want it on the voice alone?

RFC1889 and RFC1890 define a mechanism for encryption of RTP/RTCP
streams, and only specify single DES-CBC as default algorithm. Which is why
SpeakFreely, in alternative to RTP, can also use its own proprietary
transport, supporting also IDEA and Blowfish. In SpeakFreely the session key
may be exchanged with PGP 2.6.x.

Most commercial VoIP products nowadays are based on ITU's H.323, which also
uses RTP/RTCP, and since its version 2 addresses the security issues by
delegating them to H.235. See the summary of this standard at, but note how it ends:

"This Recommendation supports signalling of well-known algorithms in
addition to signalling non-standardized or proprietary cryptographic
algorithms. There are no specifically mandated algorithms; however, it is
strongly suggested that endpoints support as many of the applicable
algorithms as possible in order to achieve interoperability. This parallels
the concept that the support of Recommendation H.245 does not guarantee the
interoperability between two entities' codecs." Oh well, so much for

The IETF provides an (IMHO better) alternative to the baroque complexity of
H.323. Sessions are initiated through the SIP protocol (RFC2543), with an
SDP (Session Description Protocol, RFC2327) part which may contain the
session keys to be used for the media encryption of the RTP stream. In turn,
the SDP data, together with other SIP headers, may be protected by
end-to-end content encryption schemes (PGP is the one that "SHOULD" be
supported). In addition, hop-to-hop encryption could protect SIP data using
TLS, SSH, IPSEC or whatever.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list