Olivier wrote: > > > 2008/1/10, Robert Moskowitz <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>>: > > Olivier wrote: > > > > > > 2008/1/10, Robert Moskowitz <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>>: > > > > Jeronimo Romero wrote: > > > > > > Does anyone know if sip phones from any of the major IP phone > > vendors > > > support 802.1x authentication? Any feedback would be greatly > > appreciated. > > > > > This is so unlikely. I worked on 802.1X and 802.11i. There is > > just too > > much overhead there. No way to meet the ITU 50ms disruption > > requirement. > > > > > > Do you mean ITU is asking phone to authenticate within a 50ms > time frame ? > > Or do you mean, RTP flow encryption shouldn't exceed 50ms ? > The later. So an authenticate while a flow is in process can kill > the > call. This is what can happen during a roam (or a re-key). > > > OK : now I understand what you meant . > Myself, I was thinking about desktop hardphones so I didn't why this > authentication process duration would matter. Depends on what your 802.1X timeout is set at. There is still rekeying based on the expected 'lifetime' of your key. With 802.1AE we had to design for 10Gb and typical rekeying would be every few minutes! So the actual protection is done with sub-keys. But today, pretty much every protocol we design has a 'key hierarchy'. Burn me once ok, but not twice... > Have you looked at Meru or Extricom stuff ? Meru way back and they were 'on track'. Not Extricom.
_______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
