Hi, Fabio Pietrosanti (naif) wrote: > Hi all, > > please be careful in checking that speex VBR is not compatible with SRTP > as there are well known security vulnerability that affect SRTP when > used with VBR enabled codec. > > If VBR is introduced please also add that kind of check to the code, > SRTP & VBR feature cannot be enabled at the same time because of > security risks: > http://www2.computer.org/portal/web/csdl/doi/10.1109/SP.2008.21 > > A new internet-draft for SRTP modification for supporting without > security risks VBR features is in progress: > http://bgp.potaroo.net/ietf/idref/draft-perkins-avt-srtp-vbr-audio/ Thanks, very illuminative. Interesting that the referenced IETF draft also suggests to disable VAD with SRTP as extreme form of VBR. -- Roman Imankulov roman at netangels.ru
