[Asterisk-Dev] AES voice encryption for IAX2

Duane digium at aus-biz.com
Mon Apr 19 20:49:28 MST 2004


Adam Hart wrote:
> Good idea, ADH is public key crypto but hopefully isn't too processor 
> intensive (anyone know about this?) But yes, it's a good halfway 
> between RSA and just MD5 challenge and response. I think that's actually 
> a better way for a default encryption. Establish an ADH session then do 
> the normal call setup (e.g. MD5 challenge and response, then (obviously) 
> the call)

OK, a couple of things: a friend and I have a patch for Asterisk to do 
a lookup on a TXT record in DNS, similar to ENUM lookups, to turn a caller 
ID into a name for displaying on phones that support it...

http://e164.org's code has been updated to add a TXT field with a name 
to a person's ENUM records in the system...

This led on to thinking about a method of preventing VoIP spam: you 
could send any calls without caller ID to voicemail, or if they have 
caller ID, match it to NAPTR records in DNS, which of course led on to 
distributing PKI keys in DNS...

Someone happened to prepare a few of these beforehand for us already :)

ftp://ftp.ietf.org/rfc/rfc2437.txt - pki keys in DNS
ftp://ftp.ietf.org/rfc/rfc2535.txt - rsa keys in DNS

And this can lead onto the work I've been doing with CAcert on 
distributing keys via a finger daemon type service...

http://www.cacert.org/index.php?id=26&prob=8

Or we could just skip to the bottom one, if there is an incoming 
connection grab host name and try and pull the certificate from the 
finger daemon...

Lots of options on key distribution, although the last one requires the 
least user handling: all they need to do is set it up on their server, 
and the system takes care of the rest transparently...

-- 
Best regards,
  Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
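
The call-screening idea in the message above (no caller ID goes to voicemail, otherwise match the caller ID against NAPTR records), sketched as an added example that is not part of the original post or of Asterisk. The zone suffix, host names, sample record and the "verified"/"unverified" outcomes are assumptions, and the DNS lookup is replaced by a constructed in-memory zone so it runs offline.

```python
import re

# Constructed sample data (not real records): ENUM owner name -> NAPTR tuples
# (order, preference, flags, service, regexp, replacement).
SAMPLE_ZONE = {
    "4.3.2.1.0.5.5.5.2.1.6.e164.example.": [
        (100, 10, "u", "E2U+sip", "!^\\+(.*)$!sip:\\1@pbx.example.net!", "."),
    ],
}

def enum_name(caller_id, suffix="e164.example."):
    """Reverse the caller ID digits into an ENUM owner name (suffix is assumed)."""
    digits = re.sub(r"\D", "", caller_id or "")
    if not digits:
        return None
    return ".".join(reversed(digits)) + "." + suffix

def naptr_uris(caller_id, records):
    """Apply each terminal ('u' flag) NAPTR regexp to '+digits'; return the URIs."""
    aus = "+" + re.sub(r"\D", "", caller_id)
    uris = []
    for _order, _pref, flags, _service, regexp, _repl in sorted(records):
        if flags.lower() != "u" or not regexp:
            continue
        parts = regexp.split(regexp[0])      # first character is the delimiter
        if len(parts) < 4:
            continue                         # malformed regexp field, skip it
        pattern, template = parts[1], parts[2]
        m = re.match(pattern, aus)
        if m:
            # Expand \1..\9 back-references from the match into the template.
            uris.append(re.sub(r"\\(\d)", lambda g: m.group(int(g.group(1))), template))
    return uris

def screen_call(caller_id, peer_host, zone=SAMPLE_ZONE):
    """Return 'voicemail', 'verified' or 'unverified' (hypothetical outcome names).

    peer_host is assumed to be a host name the caller of this function has
    already established for the incoming connection.
    """
    name = enum_name(caller_id)
    if name is None:
        return "voicemail"                   # no caller ID at all
    uris = naptr_uris(caller_id, zone.get(name, []))
    hosts = {u.rsplit("@", 1)[-1].split(":")[0].lower() for u in uris if "@" in u}
    return "verified" if peer_host.lower() in hosts else "unverified"
```

What to do with an "unverified" call is left to the operator; the message only specifies the no-caller-ID case.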


