[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec for IP Telephony
<sigh>
>>> ----- The following addresses had permanent fatal errors -----
>>> <ipsec@tis.com>
This is in reply to <199903291624.LAA16776@lists.tislabs.com>.
Frank Costantini writes:
> Is the intent of the IPSEC community that secure IP Telephony
> applications utilize 3DES in CBC mode for encryption? Considering the
> extreme sensitivity that IP Telephony has for latency, CBC mode is not
> a good choice for a cryptographic mode for that application.
DES-CBC is the default encryption algorithm for the stopgap
confidentiality service built into RTP [RFC 1889]. (The forthcoming
revision of RTP, draft-ietf-avt-rtp-new-03, suggests use of IPsec
services instead.) RFC 1889 says of DES-CBC:
"This method is chosen because it has been demonstrated to be
easy and practical to use in experimental audio and video tools in
operation on the Internet."
I don't know any details of the operational experience cited by the RFC,
however.
-Lewis
--
"Hackers can't and have not accessed our satellites. It is impossible
for a hacker to get into the system." -- UK MoD spokesman, 1 Mar 1999