[asterisk-dev] RFC4733 SRTP option

[Nick Lewis]

>I think you make the wrong assumption. Even in a SOHO pbx, 
>users can call the bank and expose account and pin code over 
>DTMF. Anyone with wireshark will be able to pick it up easily.

My point is that there is nothing special about rtp events. One
could equally well knock up a wireshark dissector that 
detected inband tones in g711. Similarly one could (with the 
help of a speech recognition lib) knock up a wireshark 
dissector that found "Please say letter <N> of your password 
now" and over the months captured the full password.

I do not have any thing against security but I do not see the 
need to make rtp events a special case

_____________________________________________________________________
This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre.
_____________________________________________________________________
Disclaimer of Liability
ATL Telecom Ltd shall not be held liable for any improper or incorrect use of the  information described and/or contained herein and assumes no responsibility for anyones use  of the information. In no event shall ATL Telecom Ltd be liable for any direct, indirect,  incidental, special, exemplary, or consequential damages (including, but not limited to,  procurement or substitute goods or services; loss of use, data, or profits; or business  interruption) however caused and on any theory of liability, whether in contract, strict  liability, or tort (including negligence or otherwise) arising in any way out of the use of  this system, even if advised of the possibility of such damage.

Registered Office: ATL Telecom Ltd, Fountain Lane, St. Mellons Cardiff, CF3 0FB
Registered in Wales Number 4335781

All goods and services supplied by ATL Telecom Ltd are supplied subject to ATL Telecom Ltd standard terms and conditions, available upon request.