Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6906
Views
10
Helpful
1
Replies

CTL and ITL - Why do we need two different Trust Lists

tschafferx
Level 1
Level 1

‎07-25-2018 03:35 AM

Hello Cisco community,

 

the ITL file has the following functions: Authenticated-, encrypted -TFTP-Files, TVS. The CTL has the following functions: Authenticated-, encrypted -TFTP-Files, ecrypted call signaling and call media.

 

The question I ask myself is why does the SBD (ITL) not also encrypt voice signaling and media. Since the tokenless approach of the CTL file are there any differences between how secure each trust list actually is, compared to each other (ITL vs CTL). In other words, why wouldn't I use the ITL file for call encryption.

 

Thank you in advance.

Labels:
0 Helpful
1 Reply 1

Jaime Valencia
Cisco Employee
Cisco Employee

‎07-25-2018 07:46 AM

Because ITL is not used for that purpose, and is enabled by default

SBD Overview

This section provides a quick overview of exactly what SBD provides. For full technical details of each function, see the SBD Detail and Troubleshooting Information section.

SBD provides these three functions for supported IP phones:

  • Default authentication of TFTP downloaded files (configuration, locale, ringlist) that use a signing key
  • Optional encryption of TFTP configuration files that use a signing key
  • Certificate verification for phone-initiated HTTPS connections that use a remote certificate trust store on CUCM (TVS)

https://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/116232-technote-sbd-00.html

 

Signaling and media use CTL, which you generate when you enable mixed mode, which is not enabled by default.

HTH

java

if this helps, please rate
Customers Also Viewed These Support Documents