I think I'm more lost on this issue than ever... I opened a ticket with CallCentric asking about TLS/SRTP and I got a reply that didn't make a lot of sense to me. Basically they said that since their connection to the PSTN is not encrypted, they don't do it with end users BUT I could enable it so that calls to other CC users or extensions would be. Two things I don't get here:
- my phones have no per-destination SRTP config, so how would encryption be selectively applied like that?
- even if CC's "connection to the PSTN" (SIP trunks?) is not encrypted, I'd still like to see traffic from my phone to them encrypted. 10 minutes with wireshark will drive that point home
Further questions on this... SRTP is basically just for the audio streams, correct? Does that mean that all the signaling (who I'm calling, who's calling me) and the login process is left in the clear on 5060?
And who are the major consumer-side providers that might offer encryption? With Lets Encrypt giving everyone free certs these days, I feel like any provider not bothering with this just isn't worth the money.
↧