msec-5----Page:3

Observations
Items 2 and 3 are naturally provided by a Diffie-Hellman exchange.
Item 1 can be provided by a SAML attribute cert of the UA’s ID and DH key, signed by the UA’s SIP server.
The important part of this presentation
An optional second round-trip extension to MIKEY, encrypted with the Diffie-Hellman-derived session key, can provide items 4 and 5.
Perhaps item 5 (lack of reliable time clocks) may not be of practical concern.
Locality of validation and D-H key sizes to address item 6.
All of these components together create a relatively easy-to-deploy secure VoIP environment.