Le 2013-09-23 15:09, Jan Willamowius a écrit : > GnuGk currently checks the certificates signature (either against your > own CA or the public CAs you configure) and can also check if the IP > the call comes from matches the certificate.
The weak point here is, and has always been, the necessary PKI infrastructure. Way too complex to set up and maintain. A way to untie this knot could be to use DANE, a protocol for verifying TLS certificates using self-published DNSSEC records. No need for a CA. There is this proposal for SIP, but one could easily imagine an H.323 equivalent: https://tools.ietf.org/html/draft-johansson-dane-sip-00 Simon ------------------------------------------------------------------------------ LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk _______________________________________________________ Posting: mailto:[email protected] Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
