I wonder if anyone else on the list has expressed any intrest in having
some type of native support for encryption for IAX? I hear IPSEC adds
some latency... I would like to side step that for something simpler to
setup.
bkw
___
Asterisk-Users mailing l
I second that, and I think I remember hearing Mark talking about it too. But.
What type of encryption can you do that does not introduce latency?
That said, I would like it to support hardware encryption cards.
I have done work with FreeS/WAN and it works, and yes it adds about 30-100ms of
On Mon, Nov 10, 2003 at 03:26:06PM -0500, Brian J. Schrock wrote:
>
> I second that, and I think I remember hearing Mark talking about it too. But.
>
> What type of encryption can you do that does not introduce latency?
>
> That said, I would like it to support hardware encryption cards.
>
On Mon, Nov 10, 2003 at 03:22:43PM -0600, PJ Welsh wrote:
> On Mon, Nov 10, 2003 at 03:26:06PM -0500, Brian J. Schrock wrote:
> >
> > I second that, and I think I remember hearing Mark talking about it too. But.
> >
> > What type of encryption can you do that does not introduce latency?
> >
Brian,
Mark was talking about it with JustinT at PN7. I caught the end of the
conversation. The question I asked then (and still ask now) is, (for
the IAX/IAX2 case at least) why load down the PBX with PBX-to-PBX
encryption?
If you look at the way most large organizations (mil
The below is all correct. In fact the US DoD has very restrictive
and conservative rules about how some types of data are handled.
Basically if it leaves a trusted area it will so through a hardware
crypto box.
Some of the rules are to ensure that data are protectied even if
the hardware is badly
On Mon, 2003-11-10 at 20:25, Chris Albertson wrote:
> The below is all correct. In fact the US DoD has very restrictive
> and conservative rules about how some types of data are handled.
> Basically if it leaves a trusted area it will so through a hardware
> crypto box.
> Some of the rules are to
I agree with everyone's comments. I'm talking something a bit more light
weight to keep the casual network snooping from taking place. IPSEC
requires full control of both ends Not an ideal solution in some
cases. It was just a thought to see who all was intrested.
bkw
__
> >
> I'd really like to see this. Maybe each user could have a little
> black
> plastic key they could insert and turn to go secure.
The PGP documentation suggestes that users cary their key
in a floppy and never copy the key file to the hard disk.
So your "little black plastic key" is a flopp
On Mon, 2003-11-10 at 21:54, Chris Albertson wrote:
> The PGP documentation suggestes that users cary their key
> in a floppy and never copy the key file to the hard disk.
> So your "little black plastic key" is a floppy with the write
> tab punched out.
Actually I use a USB pen drive. Its a lot
Brian,
Its definitely something that needs some more thought. I agree with
Chris's points on client side implementation. I'm hoping Mark will
chime in here about what (if any) further thoughts he has about loading
some type of encryption into the IAXy.
THX/BDH
Hi!
> conversation. The question I asked then (and still ask now) is, (for
> the IAX/IAX2 case at least) why load down the PBX with PBX-to-PBX
> encryption?
For bigger setups I agree with you, but consider this scenario:
I am in a hotel or at a friend's place without my laptop. I download an
> Its definitely something that needs some more thought. I agree with
> Chris's points on client side implementation. I'm hoping Mark will
> chime in here about what (if any) further thoughts he has about loading
> some type of encryption into the IAXy.
If you're looking for encryption eno
> If you're looking for encryption enough to foil casual sniffers why not just
> use something like DES1 or even straightforward and fast XOR encryption and
> use a hash of the call ID, trunking messages and rekey with new values
> every few seconds (let's say with a random sample of the unencrypte
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Albertson wrote:
|>I'd really like to see this. Maybe each user could have a little
|>black
|>plastic key they could insert and turn to go secure.
|
|
| The PGP documentation suggestes that users cary their key
| in a floppy and never copy the ke
Mark,
What about using OpenSSL? It has the "right" lincense (BSD-like)
and has become a bit of a standard.
It will do everything that has been requested including interface
with external hardware encrption devices. SSL allows the two
ends to "decide" on a cipher much like VOIP phones "decide"
Mark,
Would it be within scope to request an Ibutton interface on the IAXy?
This might be a good way to both ID the user and store key variables.
There is a site at -- http://www.ibutton.com/ -- that provides a gateway
into all the Ibutton devices, protocols, etc.
The DS1996L wi
Hello,
> The PGP documentation suggestes that users cary their key
> in a floppy and never copy the key file to the hard disk.
> So your "little black plastic key" is a floppy with the write
> tab punched out.
Maybe I've missed an important turn in this thread, but it seems to me
that the discuss
There is nothing you can use that will help you if the machine
itself is not trusted. Hardware encryption can't help if the
USB port or sound card on the PC is "bugged". It would be easy
to write a device driver for a sound card that sent data out
some back door. If you are _very_ concerned you
19 matches
Mail list logo