• Idefisk
  • Tools
  • Tutorials
  • Reviews
  • VoIP Providers
  • Archives
ZOIPER softphone
AsteriskGuru Archives
Mailing List Archives
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

[asterisk-biz] Toll Free Toll Free tollfreetollfree.com SIP

 
   AsteriskGuru Archives Forum Index -> Asterisk-Biz
View previous topic :: View next topic  
Author Message
trixter at 0xdecafbad.com
Guest
PostPosted: Sat May 23, 2009 12:52 pm    Post subject: [asterisk-biz] Toll Free Toll Free tollfreetollfree.com SIP
On Sat, 2009-05-23 at 09:19 -0400, SIP wrote:
Quote:
It's also too bad that once your phone call heads to the PSTN, any form
of encryption becomes functionally worthless. It's INCREDIBLY easy to
tap into, trace, and catalogue a PSTN phone call.


there is nothing that can be done about that, unless the answering end
supports crypto too. I still think its easier to monitor VoIP calls
since that can be done from almost anywhere on the intarweb (although do
it in the wrong spot and it becomes quite noticable). PSTN *generally*
requires physical access limiting the ones who can do this somewhat.

Quote:
Still... is very nice to see someone providing ZRTP services. Would like
to see more of that in the future.

yeah, and to be crypto agnostic like that, both SRTP/TLS and ZRTP is a
nice bonus. Ensures that more people can use it, although the way that
ZRTP works, it becomes harder to validate the cipher since you cant
compare the codes each end provides. If you use a mechanical voice or a
sip im it becomes trivial to spoof the challenge/response codes, it
relies on humans speaking and listening to share the codes to validate.

Because you cant validate the cipher I cannot say that you can trust
ZRTP in this implementation, but then it was not designed to be on a
server side, this is where TLS can be handy. However SRTP/TLS is
designed to be server side but not as dynamic nor forget everything
about the session making key recovery impossible (the cert is still
there), something ZRTP is designed for.

ZRTP is more of an end to end human to human implementation, so for
things where the server has to be in the middle SRTP/TLS is certainly
superior.



--
Trixter http://www.0xdecafbad.com Bret McDanel
pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721



_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
Back to top
Display posts from previous:   
   AsteriskGuru Archives Forum Index -> Asterisk-Biz All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
contact us at: support@asteriskguru.com - asterisKGuru.com © all rights reserved   |   *asterisk is registered trademark of © Digium™