[Asterisk-Users] VOIP Spam

Tracy R Reed treed at copilotconsulting.com
Sat Apr 17 17:02:42 MST 2004


On Sun, Apr 18, 2004 at 09:31:48AM +1000, Duane spake thusly:
> be sure more are issued on a correct basis. PGP model if you lived in 
> say Africa and wanted to communicate with someone in South America with 
> little or no prior relationship and you wanted to be sure the 
> communication wouldn't be intercepted you have 2 choices, fly to meet 
> each other or gain trust you both are who you say you are from an 
> impartial 3rd party that if it did its job correctly would be correct.

I prefer the PGP model because it includes the CA model. That is to say
that you can still have a CA within the PGP model. Both myself and my
colleague from Africa could pay a central CA we both trust (Verisign,
Thawte, whoever) to sign our keys and connect us in the web of trust. 

> *BUT*, and it's a very big but, there are 2 or 3 flaws in the PKI model, 
> firstly there is a crap load of money usually involved, where there is 
> money there is usually corruption, at this stage of the game the PKI 
> industry has had very little overall impact, something like 0.3% of web 

Yep. We end up with collusion which prevents competition in the CA space.
It's a shame common browsers only support a few select CAs.

> PGP model would obviously be an advantage in this case, but most people 
> don't have a clue about security practises and get so many pop-up 
> warning messages they simply click ok to whatever comes up.

I think huge improvements are needed in software to handle this. We really
need to encourage everyone to use signatures etc. and make them so
prevalent that email programs etc. will simply refuse to accept or display
non-signed and authenticated messages/connections/whatever.

> The other flaw is safe keeping of certificates, unless you have a 
> hardware device, the more difficult you make it for someone to break 
> digital security will only make them turn round and break physical 
> security...

Indeed but that is a far better situation than we are in now. We know very
well how to deal with physical security due to thousands of years of doing
so.

-- 
Tracy Reed                     The attachment is a digital signature.
http://copilotconsulting.com   More info: http://copilotconsulting.com/sig
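
The point above that the PGP model can contain a CA, sketched as an added example that is not part of the original post: a simplified model of web-of-trust key validity in which a CA is just one more signer that both parties choose to trust fully. The key names, the signature sets and the `marginals_needed` threshold are constructed assumptions, and no real cryptography is performed.

```python
# Simplified model of PGP key validity (added example; all names are constructed).
FULL, MARGINAL = "full", "marginal"

def valid_keys(me, sigs, ownertrust, marginals_needed=2):
    """Return the set of keys that `me` accepts as valid.

    sigs: set of (signer, signee) certifications.
    ownertrust: how far `me` trusts each key owner to certify other keys.
    marginals_needed: assumed threshold, not a claim about any tool's default.
    """
    trust = dict(ownertrust, **{me: FULL})    # my own signatures count fully
    valid = {me}
    changed = True
    while changed:                             # iterate to a fixed point
        changed = False
        for key in {signee for _, signee in sigs} - valid:
            # Only signatures made by keys already known to be valid count.
            signers = [s for s, t in sigs if t == key and s in valid]
            full = sum(trust.get(s) == FULL for s in signers)
            marginal = sum(trust.get(s) == MARGINAL for s in signers)
            if full >= 1 or marginal >= marginals_needed:
                valid.add(key)
                changed = True
    return valid

# Case 1: a CA inside the web of trust. Alice and Bob have never met; each has
# certified the CA's key locally, and the CA has signed both of their keys.
CA_SIGS = {("alice", "ca"), ("bob", "ca"), ("ca", "alice"), ("ca", "bob")}

# Case 2: no CA at all. Alice reaches Bob through two acquaintances.
PEER_SIGS = {("alice", "carol"), ("alice", "dave"),
             ("carol", "bob"), ("dave", "bob")}

if __name__ == "__main__":
    # Trusting the CA as an introducer makes Bob's key valid for Alice.
    print(sorted(valid_keys("alice", CA_SIGS, {"ca": FULL})))
    # A valid CA key that Alice does not trust as an introducer proves nothing.
    print(sorted(valid_keys("alice", CA_SIGS, {})))
    # Two marginally trusted introducers together validate Bob's key.
    print(sorted(valid_keys("alice", PEER_SIGS,
                            {"carol": MARGINAL, "dave": MARGINAL})))
```

The same function handles both cases, which is the sense in which the CA arrangement is a special case of the web of trust: the hierarchy appears only because every participant assigns full trust to the same signer.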