Hi, maybe I am asking something stupid, but how are TLS certificates for SIP servers handled?
Are they "hardcoded" in some way or not? I mean, what happens, if someone tries to perform an MITM attack? Does user get a warning, that certificates are self-signed? What abut if certificates are signed with trusted certificate authority (for instance - they could be hacked, or some rogue employee sign them)? Does Linphone has some mechanisem like TOFU/POP (Trust On First Use / Persistence Of. Pseudonym)? If not, it would be great if it would have it... Regards, Matej -- PGP Fingerprint: 3B74 637D 8409 53F9 A704 F27C BEA5 286D A9CF 4A88 PGP Key: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xBEA5286DA9CF4A88 Personal blog: https://pravokator.si _______________________________________________ Linphone-users mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/linphone-users
