On 2013-09-23 14:27, Simon Perreault wrote: > Le 2013-09-23 13:25, Hani Mustafa a écrit : >> Most vendors (including aforementioned vendors) have mostly just hoped >> that the entire industry is going to move to SIP and also placed their >> bets there, hoping that all the security problems with H.323 >> authentication would go away. > In practice, SIP is just as vulnerable to MitM attacks. Here's a very > good overview: > > http://slideshare.net/oej/ietf-poshsipsecurityoej > > As long as nobody verifies TLS certificates, I don't see how the > situation can change for either SIP or H.323. > Maybe RFC4474 could be answer for sip. An implementation: http://kamailio.org/docs/modules/4.0.x/modules/auth_identity.html ------------------------------------------------------------------------------ LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
