Hi all, As stated in the subject, slightly off-topic, as it is not directly a Asterisk issue, but more SIP in general Because security in general, and specifically identification becomes more and more a subject for more concern, and Asterisk is capable of doing sip/TLS, i was wondering what more could be done to improve security. Specially softphones, might it be possible to employ etokens or smartcards for holding the certificates needed by TLS? Done before? Curious, Hans
6 nov 2010 kl. 15.30 skrev Hans Witvliet:> Hi all, > > As stated in the subject, slightly off-topic, as it is not directly a > Asterisk issue, but more SIP in general > > Because security in general, and specifically identification becomes > more and more a subject for more concern, and Asterisk is capable of > doing sip/TLS, i was wondering what more could be done to improve > security. > > Specially softphones, might it be possible to employ etokens or > smartcards for holding the certificates needed by TLS? > > Done before?In the SIP protocol there is support for TLS client certificates, much like in HTTP. Asterisk doesn't support it. You need to put a SIP proxy like Kamailio in front of Asterisk to get this kind of strong authentication. /O