Simon Perreault wrote: > Le 2013-09-23 13:25, Hani Mustafa a écrit : > > Most vendors (including aforementioned vendors) have mostly just hoped > > that the entire industry is going to move to SIP and also placed their > > bets there, hoping that all the security problems with H.323 > > authentication would go away. > > [...] > > As long as nobody verifies TLS certificates, I don't see how the > situation can change for either SIP or H.323. Exactly my point: Lets use TLS and check the certificates as closely as we can. GnuGk currently checks the certificates signature (either against your own CA or the public CAs you configure) and can also check if the IP the call comes from matches the certificate. Everybody is invited to check the source code if I do it right and is encouraged to implement similar checks in other endpoints, gateways or gatekeepers! See Toolkit::MatchHostCert() in Toolkt.cxx http://openh323gk.cvs.sourceforge.net/viewvc/openh323gk/openh323gk/Toolkit.cxx?view=log Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@xxxxxxxxxxxxxx Website: http://www.gnugk.org Support: http://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584 ------------------------------------------------------------------------------ LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
