Just few days ago, the new firmware version 1.3.2(XU) has been released for both SPA1x2 and SPA232D.
Release Notes claim the only change - SRTP is removed. No further details about the issue solved by it. No details mean severe bug in most cases. Cisco is not publishing new releases just for fun.
Not to disclose issues with particular firmware is bad practice in all cases as undisclosed issue may hurt any particular customer. But in the case of security related features, like SRTP, it's just unacceptable. A chinese company selling cheap crap for few cents may try to hide the problems and put it's customer in risk. I'm expecting no such approach from the Cisco.
So - should I assume there is a severe bug in SRTP implementation ? Is SRTP implementation in pre-1.3.2(XU) firmware reliable and secure, or should I forgot the SRTP at all ?
