Nice use of opportunistic encryption with SIP

[Peter Gutmann]

In order to use encryption with SIP, you're stuck with using certificates
(there's no way to do authenticated DH like a number of other secure-phone
devices allow you to do).  However, one vendor has found a nice way around
this: You go to their web page, enter your device IP address and SIP user ID,
and they generate a pre-packaged certificate for you that your browser posts
to the VoIP device once you click the submit button.  See
http://voxilla.com/certrequest.php for the interface.

(I don't know if they use key continuity management, but they've certainly
reduced the PKI-based entry barrier for voice encryption to a minimum.  The
only way to make it even easier would be to have the device automatically
contact the server for a cert when it's set up, but then that might be
difficult due to firewalling).

Peter.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com