4 (Voice) Encryption Security Profile Applicable for any RTP Stream Depends on (part of) H.235 Annex D Uses DH (Diffie-Hellman) secret key for session keys distribution Mechanism for Session-Key update and synchronization Encryption Algorithms - DES, Triple DES, RC2 Anti-Spamming protection
5 H.235 Annex E Provides Authentication or/and Integrity Signature Profile – Public Key Infrastructure (PKI) Certificate Based Security Scalable - applicable for Global IP Telephony Hop-by-Hop and End-to-End security Digest Algorithms - MD5 or SHA1 signatures
6 H.235v3 Annex F Hybrid Security Profile Uses Annex E signatures (when required) Uses Annex D otherwise More secure than Annex D More lightweight than Annex E Scalable - Applicable for Global IP telephony
7 Status H.235
8 H.235 Status The Good News… RADVISION ECS supports H.235 Annex D (Basic Profile) Authentication and Integrity On the roadmap - Encryption and Annex E The Bad News… No Multimedia Endpoints (to date) support H.235 Some are working on it or provide proprietary authentication Workarounds exists – Pre-Defining EPs, Using LDAP for authentication, etc.