Hello. I was wondering if someone could give a brief clarification on how the AG makes sure intruders cannot infiltrate an ongoing session between say me and my client.
Below are questions, not statements. Please correct/clarify/confirm them. - This is done by certificates? * After I notice someone has broken in to my venue, I can "blacklist" him/her, or rather that particular certificate. * I can also beforehand deny anyone access to my venue except certain certificates, some selected persons that I want to allow in? They must already have access my venues so I can have a handle on their certificates? Or do I only need them to tell my their distinguished name? * If someone is not allowed entrance, his/her VenueClient doesn't receive the multicast addresses from the venue so he cannot connect to the venue. "Impossible" to guess the multicast addresses. But what if he knows them? If they are static, and somehow he knows, either because he already has connected to it (a former client perhaps) or because it is stated on my website or something. What stops him from just starting VIC and RAT and listening to all my confidential conversations? - Encryption key? * Are the video/audio streams encrypted? Hashed up and sent that way through the network? No one can decypher them unless he has the key? How is that key known by all parties? Who sets that key? * So if "a bad guy" guessed (knew) my multicast addresses he still would not see/hear my meetings unless he also knew the encryption key? * Why aren't I ever asked for an en(de)cryption key when I enter venues? Please answer some (all) of those questions, and all the others I forgot to ask as well :) Thank you.
