curious to know the answer, on deskphones you can actually tell by the little shield icon added to the call on the display.
On Jabber, well if the other end is Jabber as well, I guess Wireshark and see if SRTP is used for the call. Not very practical, though
When this is implemented in 9.2, will you be embedding a Cisco MIC in the application? This has been missing with CIPC or CUPC installers to date forcing the customer to enroll via By Authentication String. The shared secret string requires coordination between the administrator and the user which is a significant hurdle to clear at scale. If we had a MIC to enroll via instead, as we do with physical phones, we could make this process transparent to users.
Also, will the LSC be installed within the %AppData% path so that it roams with a user should they move from one Windows workstation to another?
Why, in the UCM, can we create a security profile for CSF phone models?
Cisco Unified Client Services Framework - Standard SIP Non-Secure, we can create a Secure mode..... but can we create but dont apply for Jabber?
The CSF device type is used by multiple clients, including CUPC 8.x which predates Jabber and did support SRTP/TLS. All of the server-side work is done here; the functionality just needs to be added into the Jabber client.
Thanks for your feedback. I am not aware of the implementation details of this feature. I have forwarded your feedback to the relevant team and will update the thread when I know more.
I got response from the team on your queries:
>> will you be embedding a Cisco MIC in the application?
"This has not yet been finalized, however we expect to continue to use an LSC for Jabber 9.2. We understand that the LSC deployment process is very laborious and definitly requires improvements, but first step is to get back to parity with the 8.x."
>> will the LSC be installed within the %AppData% path so that it roams with a user should they move from one Windows workstation to another?
"This has not yet been finalized, but it is expected that we will store it with the user’s roaming profile on Windows."
In the same topic, could you please tell me what can today be encrypted with Jabber client for windows 9.1 ?
I tried to implement TLS for XMPP with no success.
So, among all protocols running (CCMIP, XMPP, SIP, LDAP etc...) what can we do today to secure all those traffic ?
Thank you for you answer,
CCMCIP: Uses TLS
XMPP : XMPP stanzas are encrypted using
SIP : Not secure - on backlog
LDAP : Uses LDAPS to connect securely to an LDAP directory service (port 636) OR connects securely to the Global Catalog server (port 3269)
IMAP : Uses SSL
Thank you for your answer, may I ask you some extra questions about this topic ?
1) Do you have any release date for Jabber 9.2 ?
2) Is there any "securing configuration guide" about Jabber ? Because I did not find anywhere a checklist to implement all secured protocols, I don't know what is implemented as default and what needs extra configuration. About CCMIP, does it need any parameters to use TLS ? About XMPP, same question ? For LDAP and IMAP, ok I found the parameters.
With kind regards,
1) 9.2 is expected in March. No date is available.
2) I am not aware of any such guide. I will let you know if I found one. No client side configuration is required for CCMCIP and XMPP. I suggest to review CUP and CCM admin guides to understand server side security setup e.g. on CUP server:
System > Security > Settings >
Enable XMPP Client To CUP Secure Mode e.t.c