[h323implementers] [Openh323gk-users] [Openh323gk-developer] Thoughts on H.323 encryption or Why your AES encryption might be worth nothing
jan at willamowius.de
Mon Sep 23 09:09:41 EDT 2013
Simon Perreault wrote:
> Le 2013-09-23 13:25, Hani Mustafa a écrit :
> > Most vendors (including aforementioned vendors) have mostly just hoped
> > that the entire industry is going to move to SIP and also placed their
> > bets there, hoping that all the security problems with H.323
> > authentication would go away.
> As long as nobody verifies TLS certificates, I don't see how the
> situation can change for either SIP or H.323.
Exactly my point: Lets use TLS and check the certificates as closely as
GnuGk currently checks the certificates signature (either against your
own CA or the public CAs you configure) and can also check if the IP
the call comes from matches the certificate.
Everybody is invited to check the source code if I do it right and is
encouraged to implement similar checks in other endpoints, gateways or
See Toolkit::MatchHostCert() in Toolkt.cxx
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail : jan at willamowius.de
Relaxed Communications GmbH
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
More information about the h323implementers