[asterisk-users] is encrypted iax safe and secure?
Steve Johnson
stevej456 at gmail.com
Fri Feb 15 12:57:46 CST 2008
Of course *it would be nice if* the IAX2 authentication parameters
were also encrypted, so that there was no danger of a 3rd party
hijacking your connection and generating a bunch of extra charges.
S.
On Fri, Feb 15, 2008 at 11:31 AM, Kevin P. Fleming <kpfleming at digium.com> wrote:
> Tim Panton wrote:
>
> > The NEW frame doesn't _have_ to contain a dialed number, the digits
> > can be sent later
> > (I forget the frametype), but later means within the encrypted
> > session :-)
>
> It's the DIAL command that you are thinking of. I'm considering
> implementing this, but it has one major caveat: to really do the job
> right, we wouldn't want any caller information (CLID or CNAM) to be in
> the NEW message either, it would have to be added as IEs to the DIAL
> command. Unfortunately no existing implementations are going to be
> prepared to receive that information as part of DIAL, so they would
> process this sort of call with an empty CLID and CNAM. We can of course
> enhance chan_iax2 to understand this method of doing things, but it
> won't be backward compatible with previous versions of Asterisk or any
> other IAX2 clients.
>
> --
> Kevin P. Fleming
> Director of Software Technologies
> Digium, Inc. - "The Genuine Asterisk Experience" (TM)
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
More information about the asterisk-users
mailing list