cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
2183
Views
5
Helpful
1
Replies
Highlighted
Beginner

CTL and ITL - Why do we need two different Trust Lists

Hello Cisco community,

 

the ITL file has the following functions: Authenticated-, encrypted -TFTP-Files, TVS. The CTL has the following functions: Authenticated-, encrypted -TFTP-Files, ecrypted call signaling and call media.

 

The question I ask myself is why does the SBD (ITL) not also encrypt voice signaling and media. Since the tokenless approach of the CTL file are there any differences between how secure each trust list actually is, compared to each other (ITL vs CTL). In other words, why wouldn't I use the ITL file for call encryption.

 

Thank you in advance.

Everyone's tags (5)
1 REPLY 1
Highlighted
Hall of Fame Cisco Employee

Re: CTL and ITL - Why do we need two different Trust Lists

Because ITL is not used for that purpose, and is enabled by default

SBD Overview

This section provides a quick overview of exactly what SBD provides. For full technical details of each function, see the SBD Detail and Troubleshooting Information section.

SBD provides these three functions for supported IP phones:

  • Default authentication of TFTP downloaded files (configuration, locale, ringlist) that use a signing key
  • Optional encryption of TFTP configuration files that use a signing key
  • Certificate verification for phone-initiated HTTPS connections that use a remote certificate trust store on CUCM (TVS)

https://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/116232-technote-sbd-00.html

 

Signaling and media use CTL, which you generate when you enable mixed mode, which is not enabled by default.

HTH

java

if this helps, please rate