sip.edu - Re: [sip.edu] Call Tomorrow - 7/20 (SPIT Prevention)
Subject: SIP in higher education
List archive
- From: Duane <>
- To: , John Todd <>
- Subject: Re: [sip.edu] Call Tomorrow - 7/20 (SPIT Prevention)
- Date: Wed, 19 Jul 2006 21:24:51 -0400
Ben Teitelbaum wrote:
Partial Solution 1: TLS encryption of SIP can ensure that
originators are who they claim they are via root certification
process. However, this is still some time away and is operationally
complex. Most SIP operators are not currently very interested in
the overhead of this method, and getting root certificates is
considered administratively complex as it requires paperwork from
other portions of the organization in many cases.
I posted to the asterisk security list the other day asking about opportunistic encryption for SIP/IAX, similar to SMTP-TLS, which is surprisingly wide spread considering nothing is mandated by anyone. One of the other hobbies I started was CAcert.org and the level of entry (and more importantly cost) for identity certificates is fairly low and both ways may overcome the bigger problem long term especially if something can be done sooner or later.
This doesn't cover the problem of CID spoofing on existing phone numbers specifically, this might be a suitable solution if you added an additional OID in certificates to include valid phone numbers, I haven't really considered this option although it's probably more suitable then SPF since the end point could do the verification rather then SIP servers (although the sip server could also I guess).
--
Best regards,
Duane
- Re: [sip.edu] Call Tomorrow - 7/20, (continued)
- Re: [sip.edu] Call Tomorrow - 7/20, Jeremy George, 07/19/2006
- Re: [sip.edu] Call Tomorrow - 7/20, Candace Holman, 07/20/2006
- Re: [sip.edu] Call Tomorrow - 7/20, Jeremy George, 07/20/2006
- Re: [sip.edu] Call Tomorrow - 7/20, Duane, 07/20/2006
- Re: [sip.edu] Call Tomorrow - 7/20, Jeremy George, 07/20/2006
- Re: [sip.edu] Call Tomorrow - 7/20, Duane, 07/20/2006
- Re: [sip.edu] Call Tomorrow - 7/20, Christian Schlatter, 07/20/2006
- Re: [sip.edu] Call Tomorrow - 7/20, Duane, 07/20/2006
- Re: [sip.edu] Call Tomorrow - 7/20, Duane, 07/19/2006
- Re: [sip.edu] Call Tomorrow - 7/20 (SPIT Prevention), Duane, 07/19/2006
Archive powered by MHonArc 2.6.16.