On Sun, 2010-06-27 at 15:53 -0400, James Sharp wrote: > Andrew Latham wrote: > > SIP TLS or a nice SNOM phone with VPN will do the trick... > > No it won't. Transport layer encryption won't solve the problem of > brute forcing weak passwords, which is what I believe this whole > discussion started with. > > The SNOM phone is a little stronger, but only through > security-through-obscurity of having to crack the VPN, then knowing how > to configure your SIP client to talk through the VPN. Still, not > entirely secure. >
I thought that TLS was documented, after all products like freeswitch.org support it, and the snom phones. If that is the case its not security by obscurity. TLS as I understand it can be configured to use certificates for authentication, which means that you would have to either break the ciphers used for the certificate or steal the certificate itself. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
