Hi, ----- Original Message ----- > From: [email protected] > To: [email protected] > Sent: Monday, December 2, 2013 1:22:55 AM > Subject: [SFLphone] [Technical] Secure authentication > > asaunie sent a message using the contact form at > http://sflphone.org/contact. > > Hello, I'm curious to know how sflphone authenticates with the sip > server. > Does it use tls for key exchange or is my username and password going > over > the wire in plain text?
TLS support is available, but your SIP provider would have to support it, see: http://www.voip-info.org/wiki/view/SIP+TLS As for how your username and password are normally transmitted, see: http://www.sipsorcery.com/mainsite/Help/SIPPasswordSecurity (summary: not in plaintext but fairly vulnerable). That said, we are very concerned with secure calling and are looking to implement support for DTLS-SRTP (http://tools.ietf.org/html/rfc6347) in the near future. Best, Tristan -- Tristan Matthews Développeur de logiciels libres [email protected] Ligne directe: 514-276-5468 poste 190 Fax : 514-276-5465 7275 Saint Urbain Bureau 200 Montréal, QC, H2R 2Y5 _______________________________________________ SFLphone mailing list [email protected] http://lists.savoirfairelinux.net/mailman/listinfo/sflphone
