Simon Research Diffie Hellman. Just because you see the public half of a one half of the diffieHellman (remember there is also a generated matching private half) means you are anywhere close to decoding it. Even just seeing the 2 public halves of a strong Diffie Hellman may not enough. You need to gain access to the private key halves. The attack vector for H.235.6 is to generate and replace the diffie hellman keys on the way through so they use their own public and private key pair rather than the end users so the media can be decrypted. Signing the public key pair half ensures that the key pair being set on the first leg is not tampered with when it gets to the other end thus detecting the attack vector. This is the best outcome to ensure backwards compatibility with existing H.323 devices. That is the aim. Not necessarily to come up with the best solution but to develop a solution that can be easily and gradually deployed into existing networks. AFAIK. ZRTP is not recognized by any standards body. Simon -----Original Message----- From: Simon Perreault [mailto:simon.perreault@xxxxxxxxxxx] Sent: 24 September 2013 02:31 To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: [h323implementers] [Openh323gk-developer] Thoughts on H.323 encryption or Why your AES encryption might be worth nothing Le 2013-09-23 17:43, Simon Horne a écrit : > When a call is placed the certificate is signed embedded and the first > half of the Diffie Hellman is sent in the clear. The remote > authenticates the certificate and encrypts the reply Diffie Hellman > with the certificate supplied from the remote so only the caller can > decrypt it. It would also sign it's own certificate. This way each > party is authenticated I see only one side being authenticated with this scheme. Hello NSA! ;) Also, why no mention of ZRTP? Simon ---------------------------------------------------------------------------- -- LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/ ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
