Wednesday, May 13, 2015

Managing ZRTP

ZRTP ("Z" is a reference to its inventor, Zimmermann; "RTP" stands for Real-time Transport Protocol) is described in the Internet Draft as a "key agreement protocol which performs Diffie–Hellman key exchange during call setup in-band in the Real-time Transport Protocol (RTP) media stream which has been established using some other signaling protocol such as Session Initiation Protocol (SIP). This generates a shared secret which is then used to generate keys and salt for a Secure RTP (SRTP) session." One of ZRTP's features is that it does not rely on SIP signaling for the key management, or on any servers at all. It supports opportunistic encryption by auto-sensing if the other VoIP client supports ZRTP.
http://en.wikipedia.org/wiki/ZRTP

ZRTP keys an SRTP session, but instead of exchanging keys over SIP signaling it negotiates them inside the media stream itself, so the key agreement does not depend on the signaling path (or on the SIP proxies along it) being trustworthy. It does not require a PKI.
https://wiki.freeswitch.org/wiki/ZRTP

Enabling: in switch.conf:
<param name="rtp-enable-zrtp" value="true"/>

There are 3 operating modes:

  1. trusted MITM: two sessions are set up with the server, with transcoding;
  2. plain RTP forwarding (media relay); and
  3. direct (peer-to-peer) mode, where RTP does not pass through the server at all.

Only the first mode gives the PBX the plaintext; in the other two, ZRTP key agreement runs end-to-end between the clients and the server never holds the keys.

About the first mode
The PBX can operate as a trusted man-in-the-middle, terminating the media streams for both parties at the PBX. This also terminates the ZRTP encryption for both parties at the PBX. This is mathematically equivalent to a classic man-in-the-middle attack, but it's not really an attack if the clients trust the PBX and consent to this. ZRTP has a mechanism to allow a client to recognize a trusted PBX to act as a "friendly" man-in-the-middle. This allows conference mixing, transcoding, and lawful interception of plaintext media, all within the confines of the trusted PBX.
http://zfoneproject.com/faq.html
And overall the doc is interesting and useful.

Enable the first mode:
<action application="set" data="zrtp_enrollment=true"/>

Second mode (proxying):
<param name="inbound-zrtp-passthru" value="true"/>

plus
https://wiki.freeswitch.org/wiki/Proxy_Media
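The three modes side by side as dialplan extensions, as an added example that is not from the original post or from the FreeSWITCH project. It assumes the global `rtp-enable-zrtp` and the sofia profile `inbound-zrtp-passthru` params shown above are already set. The channel variables `zrtp_secure_media`, `zrtp_passthru`, `proxy_media`, `bypass_media`, and the post-negotiation `zrtp_secure_media_confirmed_audio` / `zrtp_sas1_string_audio` variables are taken from the FreeSWITCH ZRTP and Proxy Media docs as I remember them, not from this page, so check them against your FreeSWITCH version; the number prefixes and `${domain_name}` routing are made up for illustration.

```xml
<include>
  <!-- Mode 1: trusted MITM. FreeSWITCH terminates ZRTP on both legs, so it can
       transcode, mix or record, and it holds the plaintext. zrtp_enrollment
       (from the post) lets the caller's client enroll this PBX as its trusted MITM;
       zrtp_secure_media (assumed variable) turns ZRTP on for this call. -->
  <extension name="zrtp_trusted_mitm">
    <condition field="destination_number" expression="^1(\d{4})$">
      <action application="set" data="zrtp_enrollment=true"/>
      <action application="set" data="zrtp_secure_media=true"/>
      <action application="bridge" data="user/$1@${domain_name}"/>
    </condition>
  </extension>

  <!-- Mode 2: media relay. RTP (including the in-band ZRTP handshake) is relayed
       untouched, so the two clients agree keys end-to-end and the PBX never sees
       them. proxy_media keeps the packets flowing through the PBX (NAT, firewall
       pinholes); zrtp_passthru (assumed variable) is the per-call form of the
       inbound-zrtp-passthru profile param. No transcoding is possible here. -->
  <extension name="zrtp_passthru">
    <condition field="destination_number" expression="^2(\d{4})$">
      <action application="set" data="zrtp_passthru=true"/>
      <action application="set" data="proxy_media=true"/>
      <action application="bridge" data="user/$1@${domain_name}"/>
    </condition>
  </extension>

  <!-- Mode 3: direct. bypass_media hands the SDP straight across, so media goes
       peer-to-peer and the PBX carries only signaling. ZRTP is purely between the
       clients; the PBX has nothing to configure beyond this. -->
  <extension name="zrtp_direct">
    <condition field="destination_number" expression="^3(\d{4})$">
      <action application="set" data="bypass_media=true"/>
      <action application="bridge" data="user/$1@${domain_name}"/>
    </condition>
  </extension>
</include>
```

Caveat for mode 1: ZRTP is opportunistic, so if the far end does not answer the in-band handshake the leg silently stays plain RTP. The negotiation result is only known after the bridge is up, so it cannot be tested in a dialplan condition before the bridge; instead check the channel afterwards from fs_cli with `uuid_getvar <uuid> zrtp_secure_media_confirmed_audio` (expect `true`) and compare `zrtp_sas1_string_audio` with what the phone displays, or make sure those variables end up in your CDRs so unencrypted calls are visible.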

And finally, a doc with pictures:
http://zfone.com/docs/asterisk/man/html/u_guide.html