On 25 Mar 2006, at 19:15, Douglas Garstang wrote:
Why do I need a username at all if I am doing rsa authentication? Why doesn't it match against the key?
So you want the receiving asterisk to take an incoming key and speculatively see if it matches _any_ of the keys mentioned in it's iax.conf? Not only is that a bit expensive computationally, but it also allows an attacker to test 10 (say) keys for the price of one.
Keys are for authentication not identification. Tim. Tim Panton [EMAIL PROTECTED] _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
