[linux-elitists] Re: Looking back ten years: Another Cypherpunksfailure (fwd)
Enzo Michelangeli
em at who.net
Sun Jan 27 19:59:43 EST 2002
If everything is tunnelled inside SSH, its ultimate transport is TCP, which
is bad for data types like voice where reliability is less important than
low delay. The right thing to do is to build decent security into the RTP
layer (the standard transport for voice applications, RFC1889): the SRTP
draft (http://www.ietf.org/internet-drafts/draft-ietf-avt-srtp-02.txt) goes
in this direction. Authentication and key exchange are supposed to be
handled in the session initiation phase (e.g., through SIP or H.323).
Alternatively, one could rely on IPSEC, but its support on the target
machine cannot (yet?) be taken for granted; the RTP stack, on the opposite,
is usually built into the application rather than the kernel.
Enzo
----- Original Message -----
From: "Eugene Leitl" <Eugene.Leitl at lrz.uni-muenchen.de>
To: "Cryptography List" <cryptography at wasabisystems.com>
Sent: Monday, 28 January, 2002 4:51 AM
Subject: Re: [linux-elitists] Re: Looking back ten years: Another
Cypherpunksfailure (fwd)
>
> anybody used that combo?
>
> ---------- Forwarded message ----------
> Date: Sun, 27 Jan 2002 12:45:21 -0800
> From: Don Marti <dmarti at zgp.org>
> To: Linux Elitists List <linux-elitists at zgp.org>
> Subject: Re: [linux-elitists] Re: Looking back ten years: Another
> Cypherpunks failure (fwd)
>
> begin Eugene Leitl quotation of Sun, Jan 27, 2002 at 09:22:57PM +0100:
>
> > Why is there no secure telephony package coming with debian?
>
> How about gnome-o-phone over rtptunnel over ssh? I know gphone is
> packaged; don't know if rtptunnel is.
>
> If that's acceptably fast it reduces the key management problem
> to the previously solved (kind of) problem of ssh key management.
> If you want someone to be able to call you, just add his or her
> key to a special authorized_keys for a dial-in account.
>
> http://gphone.sourceforge.net/
>
> --
> Don Marti
> http://zgp.org/~dmarti Join the Distributed Unisys Google
Experiment.
> dmarti at zgp.org <a
href="http://burnallgifs.org/">Unisys</a>
> KG6INA
everywhere.
> _______________________________________________
> linux-elitists
> http://zgp.org/mailman/listinfo/linux-elitists
>
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
majordomo at wasabisystems.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list