Showing results for 
Search instead for 
Did you mean: 

CTL and ITL - Why do we need two different Trust Lists

Level 1
Level 1

Hello Cisco community,


the ITL file has the following functions: Authenticated-, encrypted -TFTP-Files, TVS. The CTL has the following functions: Authenticated-, encrypted -TFTP-Files, ecrypted call signaling and call media.


The question I ask myself is why does the SBD (ITL) not also encrypt voice signaling and media. Since the tokenless approach of the CTL file are there any differences between how secure each trust list actually is, compared to each other (ITL vs CTL). In other words, why wouldn't I use the ITL file for call encryption.


Thank you in advance.

1 Reply 1

Jaime Valencia
Cisco Employee
Cisco Employee

Because ITL is not used for that purpose, and is enabled by default

SBD Overview

This section provides a quick overview of exactly what SBD provides. For full technical details of each function, see the SBD Detail and Troubleshooting Information section.

SBD provides these three functions for supported IP phones:

  • Default authentication of TFTP downloaded files (configuration, locale, ringlist) that use a signing key
  • Optional encryption of TFTP configuration files that use a signing key
  • Certificate verification for phone-initiated HTTPS connections that use a remote certificate trust store on CUCM (TVS)


Signaling and media use CTL, which you generate when you enable mixed mode, which is not enabled by default.



if this helps, please rate
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: