[10291] in cryptography@c2.net mail archive


Re: [linux-elitists] Re: Looking back ten years: Another Cypherpunks failure (fwd)

daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Mon Jan 28 12:31:18 2002

Message-ID: <002601c1a797$2d5db220$0200000a@noip.com>
Reply-To: "Enzo Michelangeli" <em@em.no-ip.com>
From: "Enzo Michelangeli" <em@who.net>
To: <cryptography@wasabisystems.com>
Cc: "Eugene Leitl" <Eugene.Leitl@lrz.uni-muenchen.de>
Date: Mon, 28 Jan 2002 08:59:43 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

If everything is tunnelled inside SSH, its ultimate transport is TCP, which
is bad for data types like voice where reliability is less important than
low delay. The right thing to do is to build decent security into the RTP
layer (the standard transport for voice applications, RFC1889): the SRTP
draft (http://www.ietf.org/internet-drafts/draft-ietf-avt-srtp-02.txt) goes
in this direction. Authentication and key exchange are supposed to be
handled in the session initiation phase (e.g., through SIP or H.323).

Alternatively, one could rely on IPSEC, but its support on the target
machine cannot (yet?) be taken for granted; the RTP stack, by contrast,
is usually built into the application rather than the kernel.

Enzo

----- Original Message -----
From: "Eugene Leitl" <Eugene.Leitl@lrz.uni-muenchen.de>
To: "Cryptography List" <cryptography@wasabisystems.com>
Sent: Monday, 28 January, 2002 4:51 AM
Subject: Re: [linux-elitists] Re: Looking back ten years: Another Cypherpunks failure (fwd)


>
> anybody used that combo?
>
> ---------- Forwarded message ----------
> Date: Sun, 27 Jan 2002 12:45:21 -0800
> From: Don Marti <dmarti@zgp.org>
> To: Linux Elitists List <linux-elitists@zgp.org>
> Subject: Re: [linux-elitists] Re: Looking back ten years: Another
>     Cypherpunks failure (fwd)
>
> begin Eugene Leitl quotation of Sun, Jan 27, 2002 at 09:22:57PM +0100:
>
> > Why is there no secure telephony package coming with debian?
>
> How about gnome-o-phone over rtptunnel over ssh?  I know gphone is
> packaged; don't know if rtptunnel is.
>
> If that's acceptably fast it reduces the key management problem
> to the previously solved (kind of) problem of ssh key management.
> If you want someone to be able to call you, just add his or her
> key to a special authorized_keys for a dial-in account.
>
> http://gphone.sourceforge.net/
>
> --
> Don Marti
> http://zgp.org/~dmarti       Join the Distributed Unisys Google Experiment.
> dmarti@zgp.org                 <a href="http://burnallgifs.org/">Unisys</a>
> KG6INA                         everywhere.
> _______________________________________________
> linux-elitists
> http://zgp.org/mailman/listinfo/linux-elitists
>
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com




