Anyone who worries about the safety of the data they transmit over the Internet has been familiar with SSL for decades. SSL stands for "Secure Socket Layer", a name that by itself does not say much. It is a certificate-based system.

TLS 1.0 is basically the same as SSL 3.1. It is simply the latest version and now has a new name. TLS stands for "Transport Layer Security". As with SSL, it secures any transport path (HTTP, email, FTP, or indeed SIP) that runs over the TCP protocol.

SRTP is a different matter, and many variations of it are possible that differ from one another. SRTP stands for "Secure Real Time Protocol", which means that the voice data is encrypted. Unless other mechanisms (such as MIKEY, etc.) are used, the key exchange takes place in plain text via an SDP header of the SIP protocol. Even if a secure key exchange for SRTP is guaranteed, only half of the communication is safe. The phone numbers, i.e. the caller's number and the called party's number, are transmitted unencrypted. A potential attacker therefore does not know what was said, but at least knows with whom you spoke.

The consequence of encrypting an RTP stream while the key exchange between the two endpoints takes place in plain text is simple: the RTP stream can be decrypted at any time and with relatively little effort. All that is needed is the master key and the two session keys.

The conclusion is that only a SIP session (the signaling of a call) secured with TLS / SSL makes it possible to run SRTP securely in every respect, because the crypto keys for SRTP carried in the SDP part of the SIP session are then no longer readily visible.
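The check described above can be run against a captured SIP message. The following is an added example, not code from dus.net: it reports whether the `a=crypto` key material in the SDP body and the caller and called numbers were readable on the hop where the message was seen. The sample INVITE, its extensions `1001`/`1002`, the host `sip.example.net` and the key are constructed, and the name `audit_sip_message` is hypothetical.

```python
import base64
import re

# Constructed sample INVITE; the 30-byte key is a made-up value (bytes 0..29).
SAMPLE_KEY = base64.b64encode(bytes(range(30))).decode()
SAMPLE_INVITE = (
    "INVITE sip:1002@sip.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed\r\n"
    "From: <sip:1001@sip.example.net>;tag=1\r\n"
    "To: <sip:1002@sip.example.net>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "m=audio 49170 RTP/SAVP 8\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + SAMPLE_KEY + "\r\n"
)

VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", re.M | re.I)
PARTY_RE = re.compile(r"^(From|To)\s*:.*?<?sips?:([^@>;\s]+)", re.M | re.I)
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([A-Za-z0-9+/=]+)", re.M)


def audit_sip_message(msg):
    """Report what a passive observer of this one SIP message can read."""
    head, _, sdp = msg.partition("\r\n\r\n")
    via = VIA_RE.search(head)
    transport = via.group(1).upper() if via else None
    # The top Via names the transport of the hop the message was seen on.
    # TLS protects SIP hop by hop, so every hop needs this check.
    encrypted = transport in ("TLS", "WSS")
    keys = []
    for tag, suite, key_b64 in CRYPTO_RE.findall(sdp):
        # RFC 4568: the inline value is base64(master key || master salt).
        keys.append({"tag": int(tag), "suite": suite,
                     "key_and_salt_bytes": len(base64.b64decode(key_b64)),
                     "exposed": not encrypted})
    parties = {} if encrypted else {h.lower(): n for h, n in PARTY_RE.findall(head)}
    return {"transport": transport, "visible_parties": parties, "srtp_keys": keys}


if __name__ == "__main__":
    print(audit_sip_message(SAMPLE_INVITE))
    print(audit_sip_message(SAMPLE_INVITE.replace("SIP/2.0/UDP", "SIP/2.0/TLS")))
```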

This is the reason why dus.net GmbH offers SRTP in conjunction with TLS. With the SIP default settings, we offer a way to encrypt your telephony completely.