> On Aug 9, 2018, at 9:47 PM, Brandon Martin <lists.voice...@monmotha.net> 
> wrote:
> 
> On 08/09/2018 04:46 AM, Alex Balashov wrote:
>> Yes, but until and unless your upstream supply chain is doing TLS and
>> you can provide end-to-end security, it's a pointless waste of time.
> 
> There's also an argument to be made that I haven't seen brought up for 
> protecting SIP registration credentials either by providing transport 
> confidentiality for a conventional password/secret or by using TLS client 
> certificates.  If you're at all worried about an adversary observing your 
> actual comms, I'd be doubly worried about somebody stealing registration 
> credentials and abusing them.

TLS was never about end to end confidentiality. We have wiretap obligations 
after all. Until the last copper line is dead and gone there will always be a 
way for unencrypted calls to occur.

TLS is good when you don't want your local IT staff to know what the CEO is 
talking about, or to wiretap his coworkers (assuming hosted PBX). The likely 
attack surface for a customer's confidentiality will be somewhere between that 
handset and you, and you have a means to protect that.

-Paul
_______________________________________________
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
