7 dtmf, 8 encryption (call security), Dtmf encryption (call security) – CounterPath Bria 3.0 Configuration Guide – Retail Deployments User Manual

Bria 3 Configuration Guide – Retail Deployments

13

2.7 DTMF

This group of settings configures Bria to handle DTMF. DTMF will be sent using either:

•

Out-of-band using 2833 DTMF packets

•

Out-of-band using 2833 DTMF, with a fallback to in-band.

•

In-band, by encoding the DTMF signal in the audio stream.

The preferred method is out-of-band. In-band is used only to deal with specific network situations, as described
in the reference section for these settings.

2.8 Encryption (Call Security)

About Encryption

Bria can be configured to support specific combinations of signaling and media encryption (security) for phone
calls.

•

Signaling encryption is only possible using TLS as the transport; UDP and TCP do not support signaling
encryption.

•

Media encryption, which is performed using SRTP, can only be supported if signaling encryption is in
place, in other words, if TLS is used for the transport.

Setting up for Security outside of Bria

When using TLS, the user must have the root certificate that signs the proxy’s chain of certificates. In most
cases, the root certification will already be installed. Procedures for exchange of certificates are outside the
scope of this documentation. The certificates must be stored on the Bria computer, in the root certificate store.

Setting up the root certificate on the Bria user’s computer ensures that the connection to the proxy is TLS secure
(the first hop). Any proxy in the chain (between the user and the other party) that does not support TLS may
cause an insecure link in the chain. Therefore, if the other party is outside your domain, you cannot be
completely sure that the call is secured at the signaling level, which means that you cannot be sure that it is
secured at the media level.

When a call with both signaling and media encryption is established, Bria displays the encryption icon. This
icon indicates that the call is secure between each caller and their proxy (the first and last hops); the call may or
may not be secure for other hops.

Encryption Options Supported by Bria

You must set up each account to enable or disable call encryption.

Option

How Outgoing Calls are Handled

How Incoming Calls Are Handled

Make and accept
only encrypted
calls

Bria will place all calls with TLS. The call
invite will specify SRTP media encryption.
If the correct certificates are not in place or if
the other party does not accept encrypted calls,
the call will fail.

Bria will only accept INVITEs that are for encrypted calls.
If Bria receives a call INVITE that is not encrypted, the call
will be rejected.

Do not allow
encrypted call

Bria will place only unencrypted calls.
If the other party does not accept unencrypted
calls, the call will fail.

Bria will only accept INVITEs that are for unencrypted calls.
If Bria receives a call invite that is encrypted, the call will be
rejected.