[Blink] SIP2SIP with physical VOiP phone

Michael Nagie promike1987 at gmail.com
Thu Jan 12 00:08:20 CET 2017


Thank you for clarifying it, now I have some clues in my hands.
I tried to look up these things but my knowledge was so insufficient 
that I didn't understand the whole thing. 

On 17-01-11 22:08:34, Adrian Georgescu wrote:
> TLS is only used for signaling, that is to start the call. Regardless of TLS or other plain text transport, the server always know who and when your calling otherwise it cannot route the SIP packets  to the destination. TLS is good against external parties that may tap into your network and this is it, but this is th last of your worries in today’s environment
> 
> Media is where your audio/video goes. Media is not using TLS, is separate from signaling.
> 
> SDES is a mechanism used for exchanging the key used to encrypt the media path. The server has access to this key because is present in the siganling. 
> But when using ZRTP instead of SDES, the server does not, and nobody can decrypt the media unless it is able to hack on of the end-points.
> 
> All these are documented standards, you can find how they work easily.
> 
> Adrian
> 
> 
> > On 11 Jan 2017, at 21:48, Mike Nagie <promike1987 at gmail.com> wrote:
> > 
> > Thank you for your help!
> > 
> > On 17-01-10 17:22:55, Adrian Georgescu wrote:
> >> 
> >>> Could I establish an encrypted connection between GXP1625 and Blink?
> >> 
> >> It depends what encryption your hard phone uses. Blink supports SDES (server has access to the key) and ZRTP (end-to-end encryption and key exchange). I doubt the hard-phones implement ZRTP, typically they use SEDS which is broken by design.
> >> 
> >> Practically if you want encryption where no intermediaries can listen in, you must use ZRTP.
> > 
> > It says the device supports SRTP and TLS.
> > SRTP almost looks like ZRTP, but I assume they are not compatible at 
> > all.
> > I don't quite understand this. Why do I need a second encryption and a 
> > second lock icon in Blink if the whole connection is encrypted with TLS?!
> > I imagine TLS as an encrypted tube and data are decrypted at the 
> > receiver. No one can eavesdrop.
> > Don't get me wrong. I'm happy with the double locks. I feel safe.
> > 
> >> 
> >>> (I would say yes, Sip is Sip, but I couldn't connect to the Ekiga server 
> >>> with Blink.
> >> 
> >> Is easy to see why, just open the Logs window an you can see what is wrong.
> > 
> > 
> > I think that's it:
> > 
> > 2017-01-11 21:13:20.377948 [blink 18052]: DNS lookup NAPTR ekiga.net failed: DNS response contains no answer
> > 2017-01-11 21:13:20.388680 [blink 18052]: DNS lookup TXT xcap.ekiga.net failed: DNS record does not exist
> > 2017-01-11 21:13:20.400012 [blink 18052]: DNS lookup SRV _sips._tcp.ekiga.net failed: DNS record does not exist
> > 2017-01-11 21:13:20.403648 [blink 18052]: DNS lookup SRV _sip._udp.ekiga.net succeeded, ttl=86400: 0 0 5060 ekiga.net.
> > 2017-01-11 21:13:20.404331 [blink 18052]: DNS lookup A ekiga.net. succeeded, ttl=86176: 86.64.162.35
> > 2017-01-11 21:13:20.413414 [blink 18052]: DNS lookup SRV _sips._tcp.ekiga.net failed: DNS record does not exist
> > 2017-01-11 21:13:20.413796 [blink 18052]: DNS lookup SRV _sip._udp.ekiga.net succeeded, ttl=86400: 0 0 5060 ekiga.net.
> > 2017-01-11 21:13:20.414049 [blink 18052]: DNS lookup A ekiga.net. succeeded, ttl=86176: 86.64.162.35
> > 2017-01-11 21:13:20.439087 [blink 18052]: DNS lookup SRV _sip._tcp.ekiga.net failed: DNS record does not exist
> > 2017-01-11 21:13:20.439459 [blink 18052]: DNS lookup SRV _sip._udp.ekiga.net succeeded, ttl=86400: 0 0 5060 ekiga.net.
> > 2017-01-11 21:13:20.439710 [blink 18052]: DNS lookup A ekiga.net. succeeded, ttl=86176: 86.64.162.35
> > 2017-01-11 21:13:20.452356 [blink 18052]: DNS lookup SRV _sip._tcp.ekiga.net failed: DNS record does not exist
> > 2017-01-11 21:13:20.463967 [blink 18052]: SENDING: Packet 3, +0:01:17.216134
> > 
> >>> Thanks a lot!
> >>> _______________________________________________
> >>> Blink mailing list
> >>> Blink at lists.ag-projects.com
> >>> http://lists.ag-projects.com/mailman/listinfo/blink
> >>> 
> >> 
> >> _______________________________________________
> >> Blink mailing list
> >> Blink at lists.ag-projects.com
> >> http://lists.ag-projects.com/mailman/listinfo/blink
> > 
> > _______________________________________________
> > Blink mailing list
> > Blink at lists.ag-projects.com
> > http://lists.ag-projects.com/mailman/listinfo/blink
> > 
> 
> _______________________________________________
> Blink mailing list
> Blink at lists.ag-projects.com
> http://lists.ag-projects.com/mailman/listinfo/blink

-- 
You may be a victim of software counterfeiting


More information about the Blink mailing list