[asterisk-users] Security communication dilemma: your help needed

Kevin P. Fleming kpfleming at digium.com
Sat Jan 10 10:04:53 CST 2009


Tzafrir Cohen wrote:

> Suggested modification)
> 
> X also signs the message with his public key.
> 
> (If X doesn't want to, this automated procedure will not apply)

I don't understand; if X signs the message using his public key, then
recipients would need X's private key to verify the signature. Who would
have that besides X?

> The security alias processor has in its keyring the "approved" public
> keys. If the signature passes, the mail can be simply forwarded as-is. 

No, it can't. It has to be sent onwards to the recipients in encrypted
form, and the original message can't be sent to them because they don't
have the private key to use to decrypt the message (they would all need
the security@ private key to do so).

> Rationale: I wouldn't want this delay for every message I send through
> the alias.

I don't imagine this would take more than a minute to process a message.
It would hardly be noticeable.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kpfleming at digium.com
Check us out at www.digium.com & www.asterisk.org
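
The relay step discussed in this message, as an added example that is not part of the original post or of any Digium tooling: the sender signs with their private key, the alias processor decrypts with the security@ private key, checks the signature against its approved public keys, and re-encrypts for each recipient. Textbook RSA over constructed Mersenne-prime keys stands in for the PGP-style tooling only to make the key roles visible; `relay`, `approved`, the key names and the message are all assumptions.

```python
import hashlib

E = 65537  # common RSA public exponent

def keypair(p, q):
    """Textbook RSA key from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def digest(msg, n):             # SHA-256 of the message, reduced into the modulus
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, priv):            # signing uses the sender's PRIVATE key
    n, d = priv
    return pow(digest(msg, n), d, n)

def verify(msg, sig, pub):      # verification needs only the PUBLIC key
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)

def encrypt(msg, pub):
    n, e = pub
    m = int.from_bytes(msg, "big")
    assert m < n, "toy RSA: message must fit in the modulus"
    return pow(m, e, n)

def decrypt(ct, priv):
    n, d = priv
    m = pow(ct, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def relay(ct, sig, alias_priv, approved, recipients):
    """Decrypt with the alias key, check the signature, re-encrypt per recipient."""
    msg = decrypt(ct, alias_priv)
    if not any(verify(msg, sig, pub) for pub in approved):
        return None             # not from an approved key: no automatic forwarding
    return {name: encrypt(msg, pub) for name, pub in recipients.items()}

# Constructed keys (Mersenne primes, illustration only) and constructed message
X_PUB, X_PRIV = keypair(2**61 - 1, 2**89 - 1)            # sender X
ALIAS_PUB, ALIAS_PRIV = keypair(2**107 - 1, 2**127 - 1)  # security@ alias
R_PUB, R_PRIV = keypair(2**521 - 1, 2**607 - 1)          # one list recipient
MSG = b"constructed report text"

def demo():
    ct, sig = encrypt(MSG, ALIAS_PUB), sign(MSG, X_PRIV)
    out = relay(ct, sig, ALIAS_PRIV, [X_PUB], {"r": R_PUB})
    return decrypt(out["r"], R_PRIV), decrypt(ct, R_PRIV)
```

`demo()` returns the recipient's view of the re-encrypted copy and of the original ciphertext: only the first decrypts to the message, because the original was encrypted to the alias key.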


