[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec for IP Telephony


>>>    ----- The following addresses had permanent fatal errors -----
>>> <ipsec@tis.com>

This is in reply to <199903291624.LAA16776@lists.tislabs.com>.

Frank Costantini writes:
> Is the intent of the IPSEC community that secure IP Telephony
> applications utilize 3DES in CBC mode for encryption?  Considering the
> extreme sensitivity that IP Telephony has for latency, CBC mode is not
> a good choice for a cryptographic mode for that application.

DES-CBC is the default encryption algorithm for the stopgap
confidentiality service built into RTP [RFC 1889].  (The forthcoming
revision of RTP, draft-ietf-avt-rtp-new-03, suggests use of IPsec
services instead.)  RFC 1889 says of DES-CBC:

          "This method is chosen because it has been demonstrated to be
   easy and practical to use in experimental audio and video tools in
   operation on the Internet."

I don't know any details of the operational experience cited by the RFC,

"Hackers can't and have not accessed our satellites.  It is impossible
for a hacker to get into the system."  -- UK MoD spokesman, 1 Mar 1999