Re: [h323implementers] [Openh323gk-users] [Openh323gk-developer] Thoughts on H.323 encryption or Why your AES encryption might be worth nothing

Simon Perreault wrote:
Exactly my point: Lets use TLS and check the certificates as closely as we can. GnuGk currently checks the certificates signature (either against your own CA or the public CAs you configure) and can also check if the IP the call comes from matches the certificate. Everybody is invited to check the source code if I do it right and is encouraged to implement similar checks in other endpoints, gateways or gatekeepers! See Toolkit::MatchHostCert() in Toolkt.cxx http://openh323gk.cvs.sourceforge.net/viewvc/openh323gk/openh323gk/Toolkit.c... Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@willamowius.de Website: http://www.gnugk.org Support: http://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584
participants (1)
-
Jan Willamowius