Re: [h323implementers] NSA H.323 surveilance

-- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@willamowius.de Website: http://www.gnugk.org Support: http://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584 Paul E. Jones wrote: > Jan, > > There is no doubt that we need to improve security. Most of the H.323 > and SIP networks follow a transitive trust model. That wouldn't be so > bad, except there appear to be multiple weaknesses with TLS > certificates. > > Are they able to compromise a certificate without creating a bogus > certificate? Or are they using bogus certificates? (The latter is > actually trivial for them to do. Most people would never recognize that > a bogus certificate was employed.) > > Both H.323, SIP, and the forthcoming H.325, we need to take additional > steps to fight against MiTM attacks. It's likely impossible to remove > the transitive trust element, though. > > Paul > > ------ Original Message ------ > From: "Jan Willamowius" jan@willamowius.de > To: "openh323gk-users@lists.sourceforge.net" > openh323gk-users@lists.sourceforge.net > Cc: h323implementers@lists.packetizer.com > Sent: 3/13/2014 12:04:18 PM > Subject: [h323implementers] NSA H.323 surveilance > > >Hi, > > > >The Intercept just published a few very interesting slides how the NSA > >intercepts H.323 (and SIP and Skype) VoIP traffic: > > > >https://firstlook.org/theintercept/document/2014/03/12/vpn-voip-exploitation... > > > >Notice how the HAMMERSTEIN component on page 4 "processes" the call > >signaling as man-in-the-middle. This would pretty much match the attack > >I have been warning about previously when I wrote "Why your AES > >encryption might be worth nothing". > > > >http://www.gnugk.org/h323-encryption.html > > > >Another interesting fact seems to be that they targeted H.323 and SIP > >before taking on Skype (bottom of page 2). > > > >Regards, > >Jan