[Asterisk-Users] IAX/IAX2 encryption?

Emanuele Pucciarelli ep at acm.org
Tue Nov 11 17:55:28 MST 2003


Hello,

> The PGP documentation suggestes that users cary their key
> in a floppy and never copy the key file to the hard disk.
> So your "little black plastic key" is a floppy with the write
> tab punched out.

Maybe I've missed an important turn in this thread, but it seems to me
that the discussion was about encrypting phone conversations when users
are "on the road".  Wouldn't using a floppy disk or a pen drive with
your own private key on an untrusted machine defy the whole purpose of
keeping it private?

Probably it can be helpful anyway in most situations, and is surely
better than no encryption at all, but it seems to me that a good
solution to the problem implies some kind of smart encryption device
(why not on USB, rather than a smart card!); that should be enough to
foil also man-in-the-middle attacks, if at least one endpoint is already
trusted.

Bye,

--
Emanuele




More information about the asterisk-users mailing list