[18594] in cryptography@c2.net mail archive
Nice use of opportunistic encryption with SIP
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Sat Oct 1 10:51:36 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com
Date: Sun, 02 Oct 2005 00:50:58 +1200
In order to use encryption with SIP, you're stuck with using certificates
(there's no way to do authenticated DH like a number of other secure-phone
devices allow you to do). However, one vendor has found a nice way around
this: You go to their web page, enter your device IP address and SIP user ID,
and they generate a pre-packaged certificate for you that your browser posts
to the VoIP device once you click the submit button. See
http://voxilla.com/certrequest.php for the interface.
(I don't know if they use key continuity management, but they've certainly
reduced the PKI-based entry barrier for voice encryption to a minimum. The
only way to make it even easier would be to have the device automatically
contact the server for a cert when it's set up, but then that might be
difficult due to firewalling).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
