Nice use of opportunistic encryption with SIP

Peter Gutmann pgut001 at
Sat Oct 1 08:50:58 EDT 2005

In order to use encryption with SIP, you're stuck with using certificates
(there's no way to do authenticated DH like a number of other secure-phone
devices allow you to do).  However, one vendor has found a nice way around
this: You go to their web page, enter your device IP address and SIP user ID,
and they generate a pre-packaged certificate for you that your browser posts
to the VoIP device once you click the submit button.  See for the interface.

(I don't know if they use key continuity management, but they've certainly
reduced the PKI-based entry barrier for voice encryption to a minimum.  The
only way to make it even easier would be to have the device automatically
contact the server for a cert when it's set up, but then that might be
difficult due to firewalling).


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list