> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Kevin P. Fleming > Sent: Monday, February 18, 2008 4:13 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: Re: [asterisk-users] is encrypted iax safe and secure? > > Steve Johnson wrote: > > Of course *it would be nice if* the IAX2 authentication parameters > > were also encrypted, so that there was no danger of a 3rd party > > hijacking your connection and generating a bunch of extra charges. > > Can you elaborate? I don't see any way that a connection can be > 'hijacked' as you put it.
>From what I've understood, Asterisk and iax2 already implement (optional) secure authorization based upon MD5 challenge. >From a iax2 client perspective just username (and not password) passes in clear over network, therefore wiretapping the connection is not enough to steal iax2 credentials. Media traffic will be encrypted when someone will implement it on client side, however even then, Called and Callee will be in clear. Best Regards, Claudio Internet Email Confidentiality Footer ----------------------------------------------------------------------------------------------------- La presente comunicazione, con le informazioni in essa contenute e ogni documento o file allegato, e' rivolta unicamente alla/e persona/e cui e' indirizzata ed alle altre da questa autorizzata/e a riceverla. Se non siete i destinatari/autorizzati siete avvisati che qualsiasi azione, copia, comunicazione, divulgazione o simili basate sul contenuto di tali informazioni e' vietata e potrebbe essere contro la legge (art. 616 C.P., D.Lgs n. 196/2003 Codice in materia di protezione dei dati personali). Se avete ricevuto questa comunicazione per errore, vi preghiamo di darne immediata notizia al mittente e di distruggere il messaggio originale e ogni file allegato senza farne copia alcuna o riprodurne in alcun modo il contenuto. This e-mail and its attachments are intended for the addressee(s) only and are confidential and/or may contain legally privileged information. If you have received this message by mistake or are not one of the addressees above, you may take no action based on it, and you may not copy or show it to anyone; please reply to this e-mail and point out the error which has occurred. ----------------------------------------------------------------------------------------------------- _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
