[Asterisk-Security] Opportunistic encryption

Enzo Michelangeli enzomich at gmail.com
Fri Jul 21 18:15:49 MST 2006


----- Original Message ----- 
From: "Duane" <duane at e164.org>
Sent: Saturday, July 22, 2006 7:53 AM

[...]
> I'm trying to avoid hard coded/predefined shared secrets, and this is
> where something like X.509 keys/certs will come into it, so you don't need
> to know *anything* about the remote server prior to connecting to other
> servers.

X.509 opens the can of worms of certification chains, authorities etc. Most
importantly, how would a certificate issued by a trusted third party ensure
that your peer does not eavesdrop on the calls? If you know nothing about the
remote server, you can't know if it's friend or foe either. At that point,
why have authentication in the first place?

> For example with SMTP, a connection is sent to a remote server, then the
> local server sends an ehlo message, and the remote server responds with a
> list of authentication and other methods, one of which is STARTTLS, if the
> local end sends STARTTLS both servers start handshaking. The remote
> (and/or local) server sends their X.509 cert, one end generates a shared
> symmetrical key and encrypts it with the certificate that was sent, the
> other server then decrypts it and then both servers start communicating
> for the length of the session with the generated shared secret.

This prevents forward secrecy: the encrypted secret may be saved by an
eavesdropper, and subsequently decrypted if the private key of the recipient
is somehow recovered. I would recommend, instead, negotiating an
ephemeral session key with Diffie-Hellman, and reserving the public key
algorithms only for the optional authentication (which is not present in a
purely opportunistic scenario). This is quite easy with TLS, using e.g. the
TLS_DH_RSA_WITH_AES_128_CBC_SHA suite if authentication is required or the
TLS_DH_anon_WITH_AES_128_CBC_SHA suite if not; and I understand that it's
the most common mode of operation for ESMTP with STARTTLS. OpenVPN is a good
example of how to leverage TLS and its OpenSSL implementation to secure an
application with limited effort.

Enzo
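As an added example (not part of this thread, nor code from Asterisk, OpenVPN or OpenSSL), the forward-secrecy contrast drawn above, in Python: a toy "seal under the server's long-term key" stands in for encrypting the client-chosen session key to the X.509 certificate, beside an ephemeral Diffie-Hellman exchange over the 1536-bit MODP group of RFC 3526. The seal construction, the recorded-transcript shapes and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 5: 1536-bit MODP safe prime (p = 2q + 1), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2

def seal(long_term_key: bytes, session_key: bytes) -> bytes:
    """Toy stand-in for 'encrypt the session key to the certificate' (assumed):
    XOR with an HMAC-derived pad, reversible by anyone holding long_term_key."""
    pad = hmac.new(long_term_key, b"key-transport", hashlib.sha256).digest()
    return bytes(x ^ y for x, y in zip(session_key, pad))

def key_transport_session(server_long_term_key: bytes):
    """The quoted SMTP flow: client picks the session key and sends it sealed.
    Returns the key both sides use and what an eavesdropper records."""
    session_key = secrets.token_bytes(32)
    recorded = seal(server_long_term_key, session_key)
    return session_key, recorded

def dh_session():
    """Ephemeral Diffie-Hellman: the exponents exist only inside this call.
    Returns the agreed key and what an eavesdropper records (public values)."""
    a = secrets.randbelow(Q - 1) + 1            # client's ephemeral exponent
    b = secrets.randbelow(Q - 1) + 1            # server's ephemeral exponent
    A, B = pow(G, a, P), pow(G, b, P)           # the only values on the wire
    k_client = hashlib.sha256(pow(B, a, P).to_bytes(192, "big")).digest()
    k_server = hashlib.sha256(pow(A, b, P).to_bytes(192, "big")).digest()
    assert k_client == k_server
    return k_client, (A, B)                     # a and b are dropped here

def later_compromise(recorded, leaked_long_term_key: bytes):
    """Replay a recording after the server's long-term key has leaked.
    Key transport: the seal reverses and the old session key falls out.
    DH: the recording holds only g^a and g^b, and the leaked key was never an
    input to the session key, so nothing is recovered (only a discrete log)."""
    if isinstance(recorded, bytes):
        return seal(leaked_long_term_key, recorded)
    return None
```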
