[Asterisk-Security] Opportunistic encryption

[Enzo Michelangeli]

----- Original Message ----- 
From: "Duane" <duane at e164.org>
To: "Asterisk Security Discussion" <asterisk-security at lists.digium.com>
Sent: Saturday, July 22, 2006 9:26 AM

> Enzo Michelangeli wrote:
>
>> X.509 opens the can of worms of certification chains, authorities etc.
>> Most
>
> Hasn't stopped SMTP-TLS from going full steam ahead...

Yes, but SMTP-TLS can use unauthenticated ephemeral DH, which was precisely
what I suggested. This leaves the door open to adding certificates for
particular peers, if/when available.

>> importantly, how would a certificate issued by a trusted third party
>> ensure that your peer does not eavesdrop the calls? If you know
>> nothing about the remote server, you can't know if it's friend or foe
>> either. At that point, why have authentication in first place?
>
> Because it lets you move forward to using particular CAs in future,
> getting people to do something from which a stepping stone can lead to
> something better in future...

I don't dispute that (see above), I just say that anybody can get a
certificate from Verisign or any other CA, and still silently eavesdrop
calls. The situation is fundamentally different from the use of X.509-based
server authentication in HTTPS for, e.g., ecommerce: there the end user
behind the browser is responsible for deciding whether or not he can trust
the bank or merchant that runs the server; the CA, as trusted third party,
just vouches for the _identity_ of the latter, not its trustworthiness. If
we want to extend this model to VoIP, we need SIP clients able to display
the equivalent of the clickable yellow padlock to reveal the identity of the
party that has authority over the machine where the secure hop ends. Then,
the user will make up his mind about the security of the whole path, which
may be longer than that hop.

Anyway, this approach is totally different from ZGP's, where the security is
strictly end-to-end and the authentication is biometric.

Enzo