[Dundi] [RFC] GPA accountability/recourse and potential protocol
addition
Kevin P. Fleming
kpfleming at starnetworks.us
Thu Dec 9 16:21:47 CST 2004
Mark Spencer wrote:
> Au contraire, IAX does support public key authentication.
Yes, I knew that. What it doesn't support is transfer of EIDs, or public
key authentication without both ends already having the proper keys in
place. In my case, I was receiving calls from a system that I had no
prior contact with, so there was not any means for me to have their
public key to match up with the private key they use. I'm not suggesting
it _should_ support that, though, because the only trustable way to do
it is for the public key(s) to be posted and retrieved from some central
authority.
> The general idea here is that you would obtain the key by going through
> your directly trusted peers. We cannot technologically prevent fraud,
> but it may be possible to improve the protocol in such a way as to make
> the tracing of fraudulent calls easier.
Exactly, I'm glad you agree. I'll continue to pursue this as a mental
exercise for now... if any coders want to jump in and try to work on
this, I'll be happy to incorporate patches on my test system and help
debug them.
More information about the Dundi
mailing list