Thanks Kristian
Is it just the encryption that is not secure? If I am not looking at encrypting
media but using RSA for authentication, is this also insecure?
My concern is not call eavesdropping but instead unauthorised use through SIP
brute force registration.
I would like to use TLS but my understanding is that you currently cannot
enforce client certificate verification (tlsverifyclient=yes). Is this still
the case? Do any clients even support this?
https://issues.asterisk.org/jira/browse/ASTERISK-17856
The only option I have left is VPN really.
Regards
Michael Knill
On 16/03/2014, at 3:41 AM, Kristian Kielhofner <[email protected]> wrote:
> IAX encryption should not be trusted for anything deemed important.
>
> Even basic reviews have uncovered several security issues and it hasn't been
> well studied beyond that.
>
> If it must be secure use SIP over strong TLS with good keys, cipher suites,
> etc or use a VPN.
>
> On Saturday, March 15, 2014, Benjamin L. Naber <[email protected]>
> wrote:
> Not yet.
>
> I called the folks who make Zoiper to inquire when a feature like that
> would be available, and it was stated they are working on it.
>
> Not only does IAX2 support RSA authentication, it also supports stream
> encryption.
>
>
>
> On Sat, 2014-03-15 at 16:08 +1100, Michael Knill wrote:
> > Hi group
> >
> >
> > I have been looking at secure remote telephony access solutions for
> > Astlinux.
> > I found that IAX supports RSA authentication which looks great but I
> > cant seem to find any clients which support it. Does anyone know if
> > there is one?
> > Is this only used for trunking between Asterisk systems?
> >
> > Regards
> > Michael Knill
> >
> >
> >
> >
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Learn Graph Databases - Download FREE O'Reilly Book
> > "Graph Databases" is the definitive new guide to graph databases and their
> > applications. Written by three acclaimed leaders in the field,
> > this first edition is now available. Download your free book today!
> > http://p.sf.net/sfu/13534_NeoTech
> > _______________________________________________ Astlinux-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to
> > support AstLinux are graciously accepted via PayPal to [email protected].
>
>
>
> --
> Sent from mobile device
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech_______________________________________________
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> [email protected].
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
[email protected].
