Ah I forgot that SIP INFO for DTMF and TLS would be enough... but maybe not for the guidelines..
And yes, it's possible to con/bribe/hack the telcos.. but since the calls are going over the PSTN anyway, you remove the entire "public" part of the call from being open. I presume it's at least better if that's the only opening..

-Avi Marcus
BestFone

On Mon, Dec 19, 2011 at 2:46 PM, Alex Balashov <[email protected]> wrote:

> You probably already know this, but there is no technical logic to the PCI guidelines. It is not a logical process, and the requirements are not conceived by people who really understand how technology and workflows in voice service delivery function. And, in general, if the auditors don't understand it--which they invariably don't--it's not compliant.
>
> So, for instance, with regard to DTMF, you could use SIP INFO for DTMF transition, and encrypt your signaling (say, with TLS) but not your media. Strictly speaking, that would be secure, since the credit card numbers do not appear either as RTP OOB events in the media stream, or in-band, but rather as signaling artifacts. However, this is way too clever for the kinds of people that get to define the compliance requirements.
>
> More generally, the assumption that PSTN analog or digital lines are inherently secure in ways that the public Internet is not is, of course, ridiculous. In fact, by many accounts, sniffing third-parties' packets is considerably more laborious a chore than bribing ILEC employees to assist in tapping circuits, or going to a junction box with a set of alligator clips. But, as I said, rhyme and reason is not part of the formula.
>
> --
> Alex Balashov - Principal
> Evariste Systems LLC
> 260 Peachtree Street NW
> Suite 2200
> Atlanta, GA 30303
> Tel: +1-678-954-0670
> Fax: +1-404-961-1892
> Web: http://www.evaristesys.com/
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-biz
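The quoted message's point that SIP INFO carries DTMF digits as signaling rather than in the RTP stream can be seen by parsing one such request. This is an added example, not part of the original thread: it assumes the de facto `application/dtmf-relay` body format, and the sample message, hostnames and function names are constructed for illustration.

```python
import re

# Constructed sample: a SIP INFO request carrying one DTMF digit in the
# de facto application/dtmf-relay body. Hosts, tags and Call-ID are made up.
SAMPLE_INFO = (
    "INFO sip:ivr@pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bKconstructed\r\n"
    "From: <sip:caller@example.com>;tag=constructed1\r\n"
    "To: <sip:ivr@pbx.example.com>;tag=constructed2\r\n"
    "Call-ID: constructed-call-id@192.0.2.10\r\n"
    "CSeq: 3 INFO\r\n"
    "Content-Type: application/dtmf-relay\r\n"
    "Content-Length: 24\r\n"
    "\r\n"
    "Signal=4\r\nDuration=160\r\n"
)

# "Signal=<digit>" on its own line; the lookahead leaves the line ending intact.
SIGNAL_RE = re.compile(r"^(Signal[ \t]*=[ \t]*)([0-9A-D*#])(?=\s*$)", re.I | re.M)

def parse_sip(message):
    """Split a SIP message into start line, lower-cased headers and body."""
    head, _, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())  # first wins
    return lines[0], headers, body

def dtmf_from_info(message):
    """Return the digit in a SIP INFO dtmf-relay body, or None."""
    start, headers, body = parse_sip(message)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if not start.startswith("INFO ") or ctype != "application/dtmf-relay":
        return None
    match = SIGNAL_RE.search(body)
    return match.group(2).upper() if match else None

def first_hop_is_tls(message):
    """True if the top Via names TLS; this covers that hop only, not the path."""
    return parse_sip(message)[1].get("via", "").upper().startswith("SIP/2.0/TLS")

def redact_dtmf(trace):
    """Mask digits in stored SIP traces, where they would sit in cleartext."""
    return SIGNAL_RE.sub(lambda m: m.group(1) + "X", trace)
```

Because the digit lives in the message body, any SIP trace or debug log captured after TLS termination holds it in cleartext, which is what `redact_dtmf` addresses.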
