[asterisk-biz] 87.230.80.186
Bret McDanel
trixter at 0xdecafbad.com
Sun Jun 27 15:15:55 CDT 2010
On Sun, 2010-06-27 at 15:53 -0400, James Sharp wrote:
> Andrew Latham wrote:
> > SIP TLS or a nice SNOM phone with VPN will do the trick...
>
> No it won't. Transport layer encryption won't solve the problem of
> brute forcing weak passwords, which is what I believe this whole
> discussion started with.
>
> The SNOM phone is a little stronger, but only through
> security-through-obscurity of having to crack the VPN, then knowing how
> to configure your SIP client to talk through the VPN. Still, not
> entirely secure.
>
I thought that TLS was documented, after all products like
freeswitch.org support it, and the snom phones. If that is the case its
not security by obscurity.
TLS as I understand it can be configured to use certificates for
authentication, which means that you would have to either break the
ciphers used for the certificate or steal the certificate itself.
More information about the asterisk-biz
mailing list