<div dir="ltr"><div class="">
<h1 class="" style="background-image:url("/secure/projectavatar?pid=10240\000026avatarId=10011\000026size=large")">
<img id="project-avatar" alt="" class="" src="https://jira.polycom.com:8443/secure/projectavatar?pid=10240&avatarId=10011&size=large" height="48" width="48">
</h1>
<ul class=""><li>
<a id="project-name-val" href="https://jira.polycom.com:8443/browse/EXT">
External Feature Requests</a>
</li><li class=""><a id="key-val" href="https://jira.polycom.com:8443/browse/EXT-4669">EXT-4669</a></li></ul>
<h2 id="issue_header_summary" class=""><a href="https://jira.polycom.com:8443/browse/EXT-4669">Please add StartSSL.com StartCOM Certificate Authority</a></h2>
</div><br><a href="https://jira.polycom.com:8443/browse/EXT-4669">https://jira.polycom.com:8443/browse/EXT-4669</a><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 1, 2012 at 6:06 AM, Daniel Pocock <span dir="ltr"><<a href="mailto:daniel@readytechnology.co.uk" target="_blank">daniel@readytechnology.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
<br>
On 01/02/12 10:58, Stuart Elvish wrote:<br>
> Thanks for the clarification. I have looked at Polycom's website and<br>
> saw which phones have the latest firmware (or at least a firmware that<br>
> supports TLS) available.<br>
><br>
> Didn't get around to the testing with the chained certificate but will<br>
> try again this evening.<br>
><br>
><br>
<br>
</div>One thing that frustrates people about Polycom is the very limited list<br>
of root CAs they support - it was probably OK when they first started<br>
doing SSL, but things have changed a lot now<br>
<br>
The latest phones (e.g. IP321) have more memory than those they replace<br>
(e.g. IP320) and so they should be able to handle a larger list of built<br>
in root CAs (which Polycom can distribute through the firmware update).<br>
The obvious ones that are missing are the budget CAs:<br>
<br>
- CaCert.org (all certs are free)<br>
- <a href="http://startssl.com" target="_blank">startssl.com</a> (which has some free certs)<br>
- GoDaddy<br>
<br>
These budget CAs are now supported by the various Linux distributions<br>
and Android phones, so they are clearly above a certain threshold of<br>
stability<br>
<br>
Polycom phones should also be able to handle 4096 bit certs with the<br>
extra memory, but that appears to need remediation in the firmware (I<br>
tried installing a custom 4096 bit cert and it didn't accept it)<br>
<br>
If anyone is registered with Polycom as a reseller, they can quote these<br>
issue numbers:<br>
<br>
EXT-3192 GoDaddy root CA cert<br>
<a href="https://jira.polycom.com:8443/browse/EXT-3192" target="_blank">https://jira.polycom.com:8443/browse/EXT-3192</a><br>
<br>
EXT-3193 CACert root CA cert<br>
<a href="https://jira.polycom.com:8443/browse/EXT-3193" target="_blank">https://jira.polycom.com:8443/browse/EXT-3193</a><br>
<br>
EXT-3238 Support for 4096 bit keys<br>
<a href="https://jira.polycom.com:8443/browse/EXT-3238" target="_blank">https://jira.polycom.com:8443/browse/EXT-3238</a><br>
<br>
As in most commercial enterprises, the more customers who request fixes<br>
on these issues, the higher it will go on their priority list<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</div></div></blockquote></div><br></div>